Massachusetts health notifications app installed without users’ knowledge (play.google.com)
711 points by _v7gu on June 19, 2021 | 383 comments



I was reading about this yesterday and confirmed that I did not have gov.ma.covid19.exposurenotifications.v3 nor gov.ma.covid19.exposurenotifications installed. I turned off auto-updates in the Play store (Settings -> Network preferences -> Auto update apps -> Don't auto update apps) and went to sleep. This morning I woke up with a cheerful notification that Google can help with COVID notifications and gov.ma.covid19.exposurenotifications.v3 installed -- the app was pushed overnight over explicit instructions NOT to update (sure, one can say auto-install != auto-update, but it is worrying that forced pushes can happen even with every single relevant UI switch turned off).

adb logcat seems to have the following relevant lines:

    06-19 09:27:54.481  1689  1990 I PackageManager: Integrity check passed for file:///data/app/vmdl1074248108.tmp
    [..]
    06-19 09:27:55.580  1689  5456 D PackageInstallerSession: Ignoring abandon after commit relinquished control
    [..]
    06-19 09:27:55.649  1689  2530 W BroadcastQueue: Background execution not allowed: receiving Intent { act=android.intent.action.PACKAGE_ADDED dat=package:gov.ma.covid19.exposurenotifications.v3 flg=0x4000010 (has extras) } to com.google.android.packageinstaller/com.android.packageinstaller.PackageInstalledReceiver
    (+ lots of other similar intents)

After that the package immediately becomes active:

    06-19 09:27:56.539  1689 13571 D ConnectivityService: requestNetwork for uid/pid:10450/30673 NetworkRequest [ TRACK_DEFAULT id=1249, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED Uid: 10450 AdministratorUids: [] RequestorUid: 10450 RequestorPackageName: gov.ma.covid19.exposurenotifications.v3] ]
    06-19 09:27:56.540  1689  3625 D ConnectivityService: NetReassign [1249 : null → 102]
    [..]
    06-19 09:27:56.833  1689  3750 E JobScheduler.Background: App gov.ma.covid19.exposurenotifications.v3 became active but still in NEVER bucket

So no, it is not just "oh those people opted in and just forgot".
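Added example, not part of the original comment: a Python sketch of how the logcat evidence above can be checked mechanically, by finding `PACKAGE_ADDED` broadcasts for packages missing from an earlier baseline (for instance a saved `adb shell pm list packages` listing) and timing the package's first activity after install. The function names, the `baseline` parameter and the assumed year are hypothetical; the log lines are the ones quoted in the comment.

```python
import re
from datetime import datetime

# Log lines quoted from the comment above (adb logcat, threadtime format).
SAMPLE_LOG = """\
06-19 09:27:54.481  1689  1990 I PackageManager: Integrity check passed for file:///data/app/vmdl1074248108.tmp
06-19 09:27:55.580  1689  5456 D PackageInstallerSession: Ignoring abandon after commit relinquished control
06-19 09:27:55.649  1689  2530 W BroadcastQueue: Background execution not allowed: receiving Intent { act=android.intent.action.PACKAGE_ADDED dat=package:gov.ma.covid19.exposurenotifications.v3 flg=0x4000010 (has extras) } to com.google.android.packageinstaller/com.android.packageinstaller.PackageInstalledReceiver
06-19 09:27:56.539  1689 13571 D ConnectivityService: requestNetwork for uid/pid:10450/30673 NetworkRequest [ TRACK_DEFAULT id=1249, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED Uid: 10450 AdministratorUids: [] RequestorUid: 10450 RequestorPackageName: gov.ma.covid19.exposurenotifications.v3] ]
06-19 09:27:56.833  1689  3750 E JobScheduler.Background: App gov.ma.covid19.exposurenotifications.v3 became active but still in NEVER bucket
"""

# threadtime layout: date time PID TID LEVEL TAG: message
LINE_RE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+(\d+)\s+(\d+)\s+([VDIWEF])\s+([^:]+?)\s*:\s(.*)$"
)
ADDED_RE = re.compile(r"act=android\.intent\.action\.PACKAGE_ADDED dat=package:([\w.]+)")
# Messages that show an installed package doing something, as seen in the quoted log.
ACTIVITY_RES = [
    re.compile(r"RequestorPackageName: ([\w.]+)"),
    re.compile(r"App ([\w.]+) became active"),
]


def parse_logcat(log_text, year=2021):
    """Yield (timestamp, tag, message). logcat omits the year, so it is assumed."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip "[..]" markers and anything not in threadtime format
        stamp, _pid, _tid, _level, tag, msg = m.groups()
        when = datetime.strptime(f"{year}-{stamp}", "%Y-%m-%d %H:%M:%S.%f")
        yield when, tag, msg


def find_unexpected_installs(log_text, baseline):
    """Report packages added in the log that are absent from the baseline set."""
    installs, activity = {}, {}
    for when, tag, msg in parse_logcat(log_text):
        m = ADDED_RE.search(msg)
        if m:
            # Many receivers get the same broadcast; keep the first sighting.
            installs.setdefault(m.group(1), when)
            continue
        for rx in ACTIVITY_RES:
            m = rx.search(msg)
            if m and m.group(1) in installs:
                activity.setdefault(m.group(1), (when, tag))
    findings = []
    for pkg, installed_at in installs.items():
        if pkg in baseline:
            continue  # already present before the capture: an update, not a new install
        first = activity.get(pkg)
        findings.append({
            "package": pkg,
            "installed_at": installed_at,
            "first_activity_tag": first[1] if first else None,
            "seconds_to_first_activity":
                round((first[0] - installed_at).total_seconds(), 3) if first else None,
        })
    return findings


if __name__ == "__main__":
    for finding in find_unexpected_installs(SAMPLE_LOG, baseline=set()):
        print(finding)
```
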


Remember when Tim Cook put Bono's album in the iTunes library of everybody? That's when it felt that the smartphones are not our devices. Someone you don't know can add a U2 album to your library without you asking for it or being able to do anything about it.

You can understand it with an OS update. It's the new shiny thing that comes with bunch of stuff and this new one has this new app.

However, getting it without action on our own part feels very wrong. Even with games, you would receive a pack or something that you can take action to activate. When it's happening without our action, it messes up with our sense of control and continuity.


Omg are you serious?! I have forever wondered how the heck I somehow managed to get the U2 album on my phone. I used to put a lot of music on my phone and assumed I did it by accident somehow even though I didn’t own the U2 album (I used to download a lot of music back then so assumed I did it by accident). That solves a crazy long lived mystery on my end thank you. I don’t even know how I feel about that now. I don’t like that they can push things to my device. What is next, photos? If someone can just insert data into a phone how can we in a court of law accept that it wasn’t false? I really hope some follow up on how this happened comes out.


Oh yeah: https://www.cbsnews.com/news/is-apples-free-u2-gift-a-sign-o...

It was very creepy to have an album injected in my library. A socially inept blunder that I bet Steve Jobs would have never done.

By the way, I can't believe he died 10 years ago. It feels so recent.


That was completely bungled.

If they had simply made it free to download for 24 hours, or pay-what-you-want donated to charity, few would have complained, and it would probably have generated a lot of positive rather than negative publicity.


I quite like Bono’s U2 album. Also it doesn’t come with any downsides like the Massachusetts app does.


Wouldn't it bloat the album collection, making it harder to search/skim the list?


I’d say that a single album is a minuscule change to the list and wouldn’t make finding music any harder. If it is a major change (such as a list of 10), then I could see it being “bloat”, but it’s not like you couldn’t delete it.


Let's see what will happen with Apple's upcoming U2 chip.


It's pure madness that Play Services comes with this sort of backdoor. This is clearly what I would consider a deliberate RCE vulnerability.


It doesn't "come with" this backdoor. It is this backdoor. Maintaining a connection with the Google mothership is, approximately, Play Services' entire function.


Somebody that's affected by this should report it as a remote code execution vulnerability in the PlayStore app.


I'm not affected by this, but that's an interesting idea. I wonder what'll happen if I report this (assuming Google has a place to report vulnerabilities in its products). They'd probably dismiss it as "invalid" because, see, it's not an RCE if it's only exploited by a "trusted party" like Google themselves.


> They'd probably dismiss it as "invalid" because, see, it's not an RCE if it's only exploited by a "trusted party" like Google themselves.

They never learn from SolarWinds, do they?


This is why I like installing a firewall in my phone.

I have used Glasswire and am pretty happy with it (no affiliation) because it allows me to block individual apps from having internet connectivity, and can configure it to notify me the first time an app tries to connect.

Of course, the problem is that it's a hassle to have to check and block new stuff, or unblock when I need to use something (e.g. Uber).


Did you check your covid19 exposure opt-in settings? Of everything you mentioned you checked, I didn’t see you say you checked that setting.

That setting could be what caused the install


Yes, I confirmed last night that Settings -> Google -> COVID-19 Exposure Notifications was off. (Aside, I read somewhere but have not confirmed this myself that manually enabling that setting leads to a flow for installing the gov.ma.covid19.exposurenotifications app, whereas the forced update is gov.ma.covid19.exposurenotifications.v3 -- note the extra v3). By the way, MassNotify app is not visible from Play Store search (both on mobile and on desktop -- https://play.google.com/store/search?q=MassNotify) and does not create an icon -- you can only find it in Play Store via its internal name (e.g. a link like https://play.google.com/store/apps/details?id=gov.ma.covid19...), and would have to specifically look in system dialog for all apps to see if it is installed.


This is scary.

How could the publisher MA Department of Public Health do this themselves, or why would Google allow this?

If Google is pushing it themselves, why the Massachusetts one?!


It is obvious that we need better legislation to deal with all the new possibilities that technologies have opened.

The installation of this app, even done with good intent, opens a lot of questions on what should be possible or not to be done by government and corporations.

When you get a device with pre-installed, uninstallable, or auto-installed apps, what are the rules?

> "By enabling this service, you can be quickly notified if you’ve likely been exposed to the virus by another MassNotify user, allowing you to reduce risk to your loved ones, seek medical attention, and slow the spread in your community."

In this case it seems that the same goal could have been better achieved by SMS that do not depend on the brand of your phone. The dependency on proprietary app stores and OSs seems a risk for the continuation of a free and reliable communications.

The only thing that is impossible to achieve without an app is to allow the user to select contacts to whom send a notification. Corporations like Google, and Apple know the list of all your contacts. So, it seems that the intention of the app is to reduce friction and send notifications as easy and effortlessly as possible to avoid that procrastination causes people to delay the warning.

But, instead of the silent install the government could have spent money in advertisement campaigns to assure a correct amount of installations. It costs money, but, people pay taxes so the government can engage on this type of initiative at a scale. This could have been a very good alternative, even if it means increasing the budget. Medical emergencies are worth the investment.


> In this case it seems that the same goal could have been better achieved by SMS that do not depend on the brand of your phone. The dependency on proprietary app stores and OSs seems a risk for the continuation of a free and reliable communications.

While installing an app without users' consent can be as questionable as you want, the point of these apps is not the notifications themselves but the contact tracing, which is achieved through the Bluetooth functionality. Also, sending SMS messages has other privacy concerns that the tracing apps have tried to avoid from the very beginning. Having a person's phone number can lead to eventually identifying that person, while that internal trace ID it might use won't.


This sounds worse to me? Rather than violation of a relatively small privacy (phone number), you instead get timestamp social graph interactions in the physical world. This seems like far more extreme an invasion than the former.


The whole protocol was designed very cleverly from the start to avoid all the privacy blocks that might inhibit people from using it [1], because the main drawback in this is that it's completely useless unless you have a critical mass of users that actually use it.

It is very difficult to explain to people that are not curious about the technology and all they hear is 'tracing = tracking = no privacy'.

I imagine this is why this app has been silently pushed, but in my mind just having it available and active on phones does not help you that much if the same users are also not aware and actively reporting their infections. So you will have a very small group that consciously install it and when they get infected they report; a lot larger group will get a notification that they have been close to an infected individual. I suppose they hope that by showing those notifications then people that subsequently get tested positive will be curious enough to find out how they should report in, etc. It's risky especially seeing this backlash about silent installations...

[1] https://covid19-static.cdn-apple.com/applications/covid19/cu...


>It is very difficult to explain to people that are not curious about the technology and all they hear is 'tracing = tracking = no privacy'.

But this is literally true. This is an app pushed to people remotely without their consent or even knowledge. People cannot trust the claim that there is no privacy gotcha involved in this, especially when previous attempts seem to have opened the log of this information to all installed apps:

https://themarkup.org/privacy/2021/04/27/google-promised-its...

You cannot trust them when they say that the app respects your privacy.


Is there something special about it being an app? Because the contact tracing framework that the app uses was already pushed to people remotely without their consent or knowledge - as well as the contents of every update ever to Google Services Framework. And in the big scheme of shady shit that Android does without the user's consent or knowledge, that's a pretty benign, privacy-respecting one.


That's fascinating, I wasn't aware that they actually did that to allow for semi private tracing.

That's going to be hell to explain though, as you've already mentioned.


Read up on how the contact tracing apps work. They do not upload your data to the cloud. Phones broadcast a rolling random identifier, other phones collect received identifiers, and only on confirmed infection does the person's phone upload its last two weeks of broadcast IDs to the cloud, where other phones can grab them and cross-check.

Having someone's phone number allows you (via the phone company) to trace their location at any time, forever. That is much worse.


I think the low adoption is because it's hard to explain. No one on my street, none of the most vulnerable people would understand your paragraph.

No wonder it's not being adopted by those who should be adopting it, but just being used by vigilant young tech savvy and already covid safe people.

So not only are only a small number of people using it, these people are least likely to make a difference using it.


Edit: Surely we can come up with a more approachable explanation for less technical folks, though? Here's an attempt:

"Contact tracing respects your privacy and does not send your location to the cloud.

Instead, your phone makes up a new random name every 15 minutes and broadcasts it to nearby phones. It remembers the last two weeks of names it used, as well as the last two weeks of names it heard from other phones.

When someone catches COVID-19, they register it in the app. Their phone then uploads the last two weeks' worth of names it used to the cloud, where other phones can download the data. The names aren't connected to their identity, all they represent is someone who caught COVID-19.

If your phone finds a match between a name it has recently heard and the online database, it sends you a notification. After 2 weeks the data is erased, so you are only notified if you were near an infected person in the past 2 weeks.

Since the random names change every 15 minutes, nobody can track you or know that you are the same person as last time they saw your phone. The data is only stored locally, so after it is deleted two weeks later, there is no way to go back and recover it."

How's that?

(Edited because without the intro sentence it sounded like I was trying to imply the parent didn't get it; that wasn't my intent.)


Still too complicated. I saw a comic version once, working through an actual example with some example IDs and it used phrases like "sends to the hospital" or "asks the hospital" etc. instead of downloading from the cloud.

Very non-technical people are not familiar with the basic concepts involved.

"Makes up a new random name and broadcasts it to nearby phones" is something they'd struggle with if they never heard or thought about random number generators, don't understand Bluetooth etc.

Also don't underestimate learned helplessness. Many will stop reading if it looks technical because they "can't understand that sort of thing." Many such people never ever read such lengthy step by step technical documentation. It seems to them as a quantum physics experimental setup description sounds to the average programmer.


> Also don't underestimate learned helplessness.

Learned helplessness is so real. My partner works at a help desk, and I constantly hear stories of older folks just mentally shutting down as soon as she has them open the start menu or a settings menu.

I even see it in myself, a super curious neophile software/hardware hacker. Sometimes I'll come across some particularly arcane API docs and it's like my brain just goes "tl;dr" to the whole thing and tries to immediately find a way to avoid interfacing with it.

That mental switch of "ah this is overwhelming, eyes glaze over" is all too easy to trip, even if you push through it and it really is not that bad after the fact.


It's also an ego-threatening thing. Often the older folks or otherwise nontechnical people are socially higher status and being lectured about something that they may not understand sounds dangerous to them or they take it as being challenged by them, especially if the person explaining it is lower social status, younger, "just a kid" etc.

It's easier for them to just refuse to participate and dismiss the topic as irrelevant, than to take up the game and then perhaps be seen as "dumb".

And this state of affairs is actually quite unnatural. The natural course of things over the millennia was that older people are more experienced and can give direction and advice to the young ones. Sure, this is still true in some "soft" topics, but the generational gap in understanding how the modern world works has never been so large.


When someone has lived 70+ years and done fine for most of those years, what is the use for them to learn what an "icon" on the "desktop" is, and why should they care about "browsers"?

This very much feels like justification for victim blaming.


Because the world changes. You don't change, you get left behind, sometimes in very important ways. (For example, my wife's licensing board now sends the renewal stuff only by e-mail, not snail mail. There are a few old-school people who have to get someone else to get the form for them.)


So progress is an excuse to be unempathetic towards people who may not have had your introductions to technology?


I prefer token over name, otherwise I think it's decent.

Here's my crack at it for fun:

Exposure Notification apps are a privacy preserving technology to help prevent the spread of COVID-19.

They don't collect or log any location data which is what makes them private.

Instead, a phone equipped with the app will continuously log and broadcast random tokens that change every 15 minutes.

Nearby phones with the app will take note of the token and the signal strength, while broadcasting a token of their own.

Each day the app downloads a public list of tokens that have been shared by people who have tested positive for COVID-19.

If your phone has been around a number of these tokens, it will notify you to get tested and self-isolate.

If you test positive for COVID-19 yourself, your doctor will give you a key to enter into the app. Entering the key will upload your tokens to the public list.

While exposure notification apps do preserve privacy, they are limited in effectiveness without widespread adoption. Additionally they are not a suitable replacement for traditional contact tracing.
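Added example, not part of any comment in the thread: a simplified Python model of the scheme the explanations above describe (tokens that rotate every 15 minutes, two weeks of retention, matching done on the phone). HMAC-SHA256 over a per-day key stands in for the real Google/Apple key derivation, the positive phone publishes its daily keys so that others re-derive the tokens instead of downloading the token list itself, and the `Phone` class, thresholds and timestamps are constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

INTERVAL_SECONDS = 15 * 60                    # token lifetime, per the thread
INTERVALS_PER_DAY = 86400 // INTERVAL_SECONDS
RETENTION_DAYS = 14                           # "the last two weeks"
TOKEN_BYTES = 16


def interval_of(ts):
    return ts // INTERVAL_SECONDS


def day_of(ts):
    return ts // 86400


def derive_token(daily_key, interval):
    """Stand-in derivation (assumption): HMAC-SHA256(daily_key, interval), truncated."""
    msg = b"token" + interval.to_bytes(4, "little")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:TOKEN_BYTES]


@dataclass
class Phone:
    daily_keys: dict = field(default_factory=dict)   # day -> secret key, never leaves
    heard: list = field(default_factory=list)        # (interval, token, rssi), local only

    def broadcast(self, ts):
        key = self.daily_keys.setdefault(day_of(ts), os.urandom(16))
        return derive_token(key, interval_of(ts))

    def hear(self, ts, token, rssi):
        self.heard.append((interval_of(ts), token, rssi))

    def expire(self, now):
        """Drop keys and observations older than the retention window."""
        cutoff_day = day_of(now) - RETENTION_DAYS
        self.daily_keys = {d: k for d, k in self.daily_keys.items() if d > cutoff_day}
        first_kept = (cutoff_day + 1) * INTERVALS_PER_DAY
        self.heard = [h for h in self.heard if h[0] >= first_kept]

    def report_positive(self, now):
        """What a diagnosed user publishes: unexpired daily keys, no identity, no location."""
        self.expire(now)
        return sorted(self.daily_keys.items())

    def check_exposure(self, published, min_rssi=-70, min_intervals=2):
        """Re-derive tokens from the published keys and match them on the device."""
        infectious = set()
        for day, key in published:
            start = day * INTERVALS_PER_DAY
            for i in range(start, start + INTERVALS_PER_DAY):
                infectious.add(derive_token(key, i))
        close = {iv for iv, tok, rssi in self.heard
                 if tok in infectious and rssi >= min_rssi}
        return len(close) >= min_intervals


def meet(a, b, start_ts, intervals, rssi):
    """Two phones in radio range exchange tokens for the given number of intervals."""
    for n in range(intervals):
        ts = start_ts + n * INTERVAL_SECONDS
        a.hear(ts, b.broadcast(ts), rssi)
        b.hear(ts, a.broadcast(ts), rssi)


def simulate(report_after_days):
    """Constructed scenario: returns (bob_notified, carol_notified)."""
    t0 = 18797 * 86400                               # constructed start time
    alice, bob, carol = Phone(), Phone(), Phone()
    meet(alice, bob, t0 + 9 * 3600, intervals=3, rssi=-60)     # 45 minutes, close
    meet(alice, carol, t0 + 12 * 3600, intervals=1, rssi=-90)  # brief, far away
    now = t0 + report_after_days * 86400
    published = alice.report_positive(now)
    for phone in (bob, carol):
        phone.expire(now)
    return bob.check_exposure(published), carol.check_exposure(published)


if __name__ == "__main__":
    print("report after 3 days :", simulate(3))
    print("report after 20 days:", simulate(20))
```
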


Ahh apologies. It's not the wording of your paragraph, I understood both very well, they are well written.

It's a more fundamental understanding of stuff that's hard by those who are most at risk. The old, the vulnerable etc.

It's the old digital divide idea. My neighbor doesn't have any internet connected devices, for example. But she would benefit much more from the app than 40 of her mask wearing, young, self isolating, working from home fellow city inhabitants.


I didn't want to imply you didn't understand it; I was trying to come up with a more accessible explanation that might help others do so and help drive adoption.

You're right that it's not easy to explain, but surely we can come up with something that gets the idea across? :)


Well what do we expect? We've been shoving privacy down people's throats for years.

You can't now expect them to be rational and trust us with: "don't worry we know privacy is bad, but THIS privacy breach is okay. Again trust us this is because of covid, we're the good guys."


Perhaps “lack of privacy” is what you mean?


> only on confirmed infection does the person's phone upload its last two weeks of broadcast IDs to the cloud

Alternatively phrased: “only upon government request does the person’s phone upload…” with the implied promise that such request will only come as a result of a CV-19+ test result.


Just because a protocol is theoretically safe does not imply it is safe in actual practice or that it is not possible to exploit it.


Right. They can change things with the next silent update anyway. In Germany they also started requiring turning on the GPS while using it. Initially it wasn't necessary and only Bluetooth was needed. Who knows what they modify all the time. I have no spare capacity to follow these developments and when they decide to stop caring about privacy and go rogue in the name of harm prevention.


The apps used around Europe, including Germany's Corona-Warn-App, do NOT use GPS. It only asks for location permissions since it utilizes the exposure notification API that indirectly tracks your "location" relative to other users (i.e. the ID exchange)


I fail to see the difference. You say it doesn't use GPS, but then continue to say that it uses location data (and thus, I assume, GPS). So which is it? Or are you saying that the app doesn't receive the user location data, only Google does?


On android, a lot of APIs that have nothing to do with GPS (such as watching wifi networks, looking for devices on the same network, etc.) actually need the "location data" permission.

This is misleading, but it is made so because one could potentially use data harvested through those APIs to infer your location (for example, if an app has a map of wifi networks, knowing which networks are around allows it to infer your position)


Neither the App nor Google use location data. However, Google still prompts you for these permissions because, in their mind, the swapping of rotating IDs presents an indirect way of tracking somebody's location (although that data solely stays on the device and is never transferred, unless a positive person decides to upload the list of IDs they were in contact with)


Thank you for the clarification! So the app does use location data, but it is (maybe?) not uploaded.


Even if it is perfectly safe with no potential for abuse, I deserve to make the decision to opt-in, not have it silently downloaded and installed. If the government thinks I am too stupid to understand how safe it is or that I should just trust them more, that is totally on them. They either need to communicate well or fix the trust issues.


> Having a person's phone number can lead to eventually identifying that person, while that internal trace ID it might use won't.

What? Many many bad people seem to somehow have my number. Practically daily I get an SMS saying "I've been transferred $5000 to the please login to confirm your transaction .." or some such. I block but they keep on coming. Now, I think I'd rather the person who was responsible for these SMSs to have my phone number than a freaking app running on my phone, especially an app that was basically snuck on without consent.


Would it not be possible to send everyone currently in the state an SMS? I personally would be okay with the government having access to this type of PSA.


I'm not sure I get your point. The notifications are sent when system detects you were in contact with a person that tested positive, so mass messages don't make that much sense. Unless you are referring to using the sms as a marketing way to encourage people to install the application...


The latter is what I mean. Not really marketing, more like an official announcement.


“When you get a device with pre-installed, uninstallable, or auto-installed apps.”

We’ve never had televisions in the house, but I finally broke down and bought a television so my kids could watch Disney+ on the big TV. The first television I purchased was a Samsung, and it came with these apps that I could not uninstall, did not want, and in fact used storage space that I couldn’t do anything about. I put it back in the box and took it back to the store, and got an LG. Very frustrating experience.


I can relate completely. A bit surprised by the LG though - was it any better wrt. preinstalled crapware?


That's why it was cheap. But why care about storage space inside your TV?


Is that your main concern after reading the post above?


The post about the TV?


> instead of the silent install the government could have spent money in advertisement campaigns

This absolutely does not work. Here, the NL gov tried this and almost nobody installed the app, despite it using the privacy-safe google/apple API.


If people don't want to install the app, then that should be the end of it. The government's inability to convince people to install the application should not justify the application being installed anyway. Just the contrary.


I'm not from NL, but I am someone that did not install the COVID tracing app that our government provided (for voluntary installation).

My reason was that I was not convinced by the PR that it is actually privacy safe. Just repeating "it uses a safe API, trust us/Google/Apple" was not enough for me.

The subcontractor that made the app did dump some source code on GitHub saying "see, we have nothing to hide". However it was very obviously not the same code as the app published on the Play store (for a start, it had a different version number), it had a cleared out commit log, etc. Questions about that went unanswered as far as I know.

I try my best to prevent COVID spread, wear a mask, got vaccinated as soon as possible, etc. I think it's more likely that the thing with the app was just developers not wanting to bother too much with things they were not paid for than anything nefarious going on. However it raised enough red flags for me that I was not comfortable installing the app on my phone.


People here are downvoting you, but you were 100% right to doubt:

https://www.iccl.ie/news/serious-privacy-and-data-harvesting...

An excerpt:

> While Android users can, in theory, opt to turn off Google Play Services, users of the Covid-19 contact-tracing app in Ireland cannot turn the surveillance off if they want the contact-tracing app to work. This means the collection and use of this data is unavoidable for people who wish to use the app.

> The data shared includes long-term, unchangeable identifiers of the phone users, including their phone’s IP address, WiFi MAC address, International Mobile Equipment Identity (IMEI) number, SIM serial number, phone number and Gmail address, as well as fine-grained data from other, potentially sensitive apps, such as banking, dating or health apps. This is data which, when considered together, has the potential to draw a very detailed map of our lives and activities.

This story was posted to HN last year, and received a tiny fraction of the upvotes of the story promoting the Irish / Google / Apple app's privacy features. Which would explain why you are downvoted, despite having been proven correct well over a year ago.


> users can, in theory, opt to turn off Google Play Services, users of the Covid-19 contact-tracing app in Ireland cannot turn the surveillance off if they want the contact-tracing app to work. This means the collection and use of this data is unavoidable for people who wish to use the app.

I would find it quite amusing if someone submitted a GDPR complaint saying that unnecessary data collection is not optional.


MicroG implements the same contact tracing functionality. If you install MicroG, you can avoid all the tracking Google Play Services does usually.


Interesting, I hadn't heard of that.

Still, the point I was making is that Google absolutely lied about what their app was sending; and people who distrust them are more than justified to. The privacy virtues of the Irish app in particular were the subject of much lauding - when it was shortly after :proven: to be bullshit, that story got less than 1% of the traction.


The contact tracing apps send basically nothing.

It's the rest of Android that's the issue.

The point is that installing the contact tracing apps doesn't track you any more than before, neither on microg+fdroid nor on a google stack.


If someone has stock Android with Google Play Services disabled, the app won't work. The instructions to install the app don't mention installing a replacement, they tell users to enable Google Play Services.


It's smart. The result of using these apps is that lots of people have to quarantine, even though these policies have not resulted in any impact on the virus in any way, and even though there can be test false positives (which is officially denied, so there is no way to appeal any positive test result). Why would people want to sign up for that?


Freedom at work is a beautiful thing.


> It is obvious that we need better legislation to deal with all the new possibilities that technologies have opened.

It is not a new technology at all. It is the same old one that looks new and shiny, but is complete shit because the software doesn't behave.


If you think legislation is the answer, I’ve got a bridge to sell you. Who do you think writes the legislation and hands it to X representative? How naive...

HN crowd has fallen pretty far. Used to be WE build the things that make our lives better and now the top comment is calling for some ethereal they to come up with legislation?

That’s BS. And, antithetical to any builder/hacker ethic.

We build the world we want.


This defeatist attitude toward legislating is self-perpetuating. We can at least hold our representatives accountable.


> This defeatist attitude toward legislating is self-perpetuating. We can at least hold our representatives accountable.

What can we do? I have no confidence that Congress will act in my best interest. Congress has some "partisan deadlock" but somehow I feel confident Intel's payday will go through without a bumpy ride

> U.S. senators propose 25% tax credit for semiconductor manufacturing (reuters.com)

https://news.ycombinator.com/item?id=27561238

We can't even get a modest broadband Internet infrastructure bill passed.

> Widespread fiber-to-the-home deployment would make a bigger difference for more Internet users than Starlink. President Joe Biden pledged to lower prices and deploy "future-proof" broadband to all Americans, but he's already scaled back his plan in the face of opposition from Republicans and incumbent ISPs. AT&T has been lobbying against nationwide fiber and funding for municipal networks, and AT&T CEO John Stankey expressed confidence last week that Congress will steer legislation in the direction that AT&T favors.

https://arstechnica.com/information-technology/2021/06/starl...

> Biden's pitch to build "future-proof" broadband technology is also facing opposition from broadband providers who don't want to build fiber-to-the-home networks in rural areas. Just before Biden announced his plan, AT&T said it opposes subsidizing fiber-to-the-home deployment across the US, arguing that rural people don't need fiber and should be satisfied with Internet service that provides only 10Mbps upload speeds.

https://arstechnica.com/tech-policy/2021/05/biden-cuts-35b-f...

I have not met a single programmer / computer scientist who seriously defends the CFAA and yet we cannot find the votes in Congress to repeal it.


I admit I got your comment a bit confused with another talking about local government. But the solution I think is in the same direction - start local. The few hundred people in congress aren't self-sufficient. They need support from the rest of the party machines to get campaign money and turn money into votes. Changing what the parties will support at the local level changes who gets the big money and who gets elected.

Shorter version though: campaign finance reform, oppose voter suppression, and ranked-choice voting.


Ok those other things I mentioned were still pretty daunting I guess. But corporations are still not interested in having their actions called out. Relatively low-budget operations like https://popular.info/ get good results in shifting behavior of big companies. (Note you can skip the signup page, just click "Let me read it first").


That was viable when computers were a tiny part of the world, but not when our power to change things became too great to be ignored.

Even back in the day when you could convince a public payphone to work for free by whistling the right way, that kind of interference in a public communications channel was enough for the powers that be to get worried. Now? Now phones are effectively universal, and every government can afford to pay developers to insert obfuscated backdoors in open source code, while the richest could do the same with the hardware from the silicon wafer up to the finished product. And they do, because they want to keep their power.

Just as you go to war with the army you have rather than the army you want, if you seek to improve our security and freedom you have to use the political power structures that exist rather than the ones you want to exist.


> It is obvious that we need better legislation to deal with all the new possibilities that technologies have opened.

How about applying common sense?


Or how about people just use GNU instead of GAFAM crapware? Turn "silently installing things in the background" off by default and maintain user control over all their hardware.

It's not like Richard Stallman hasn't been warning of this sort of thing happening for decades - the GNU project exists for a reason, and we should use their code for general purpose computing.

https://news.ycombinator.com/item?id=25402024


I think covid has shown that when the world is faced with a pandemic, not everyone agrees on what common sense is in terms of how to respond as a society/government.


The difficulty of taking a government-sponsored and government-accessible substantial privacy risk (at a minimum) is something that some will find utterly unacceptable and others will think might be concerning or unacceptable in general but is righteously justified in this specific situation.

The first group’s common sense says “don’t install”; the second group’s common sense says “install via subterfuge if necessary”.


Common sense is not so common.


“Common sense is the best distributed commodity in the world, for every man is convinced that he is well supplied with it.”

― René Descartes, Discourse on Method


Common sense is the set of prejudices acquired by age eighteen.

- Albert Einstein [0]

0: https://quoteinvestigator.com/2014/04/29/common-sense/ yes, this CAN be attributed to him


Fellow humans, there are alternatives! Your neck need not be under FAANG's boot! You don't even need to give up any functionality:

CalyxOS: https://calyxos.org/ Privacy-respecting Android distribution that replaces Google spyware with MicroG, so you can have your cake and eat it too. Most everything will work as you're used to, but it does still talk to Google to make that happen.

GrapheneOS: https://grapheneos.org/ Very much like Calyx, but extra-hardened and with no MicroG. No involvement with Google at all.

LineageOS: https://lineageos.org/ The successor to CyanogenMod, will work with many different phones. More privacy and control than stock Android.

There are also many others: Sailfish, Replicant, e

Hardware-wise: CalyxOS and GrapheneOS run best on Pixel 3, 3a, 3XL, 4, 4a, 4XL, 5. The path of least resistance is to get one of these phones and run CalyxOS (if there is an app you need to use that needs Google services like Firebase Cloud Messaging...note that many that can use FCM will run fine without), otherwise run GrapheneOS.

You can also buy a Librem 5 https://puri.sm/products/librem-5/ If privacy and security and hacking are really important to you.

Or a pinephone: https://www.pine64.org/pinephone/


Here's my phone: https://www.gsmarena.com/ulefone_armor_x7_pro-10293.php

It's not supported by CalyxOS: https://calyxos.org/get/

It's not supported by GrapheneOS: https://grapheneos.org/faq#supported-devices

It's not supported by LineageOS: https://download.lineageos.org/

It's not supported by Sailfish: https://shop.jolla.com/

It's not supported by Replicant: https://www.replicant.us/supported-devices.php

Librem 5 is 8-9x more expensive than my current device: https://shop.puri.sm/shop/librem-5/

PinePhone seems more promising, but the battery capacity is lower, as well as the other specifications are (slightly) worse: https://pine64.com/product-category/pinephone/?v=0446c16e2e6...

I feel like that perhaps calls for an asterisk to be added to your statement:

  Fellow humans, there are alternatives*!
  *As long as your device is one of the supported pieces of flagship hardware and/or you get a device specifically for it.

Which is unfortunate, because a lot of those devices won't be as affordable. I bought my phone for just over 100 euros, in part because it has a recent enough OS version and is pretty tough.

I feel like this situation won't improve until manufacturers get their crap together and make devices based on more open standards which may or may not ever happen. I still dream about the same level of hardware support that GNU/Linux has (with proprietary drivers), where most distros just run on most hardware.


The alternatives are just that - alternatives. Don't want to make compromises needed for them? Then don't and stay in Google / Apple candyland. Or, make a sacrifice yourself and develop the missing support for the phone you fancy. Manufacturers don't have incentives to help out here, with a precious few like Librem and Pine. I for one am happy they exist and will be glad to shell out 8-9x as much money for a promise of better privacy. And when many do so, the prices will come down too. There is no reason for having a load of tracking on your phone, it is there just because its OS was developed by an advertising agency. And the alternative is worse in freedom-to-fix view because Apple.


Hmm, the way i like to think about alternatives is to only consider the feasible ones - for example, if i'm developing a software project and i'd require a RDBMS, then i'd consider PostgreSQL and MariaDB to be alternatives to one another, because both of them would be likely to provide good results.

I'm happy that PinePhone seems viable as a daily driver (as long as certain concessions are made) and to be honest, their SoC offerings also seem extremely affordable even when compared to the likes of Raspberry Pi, for example: https://pine64.com/product/pine-a64-lts/?v=0446c16e2e66

That said, a lot of what was offered (alternative OSes) are not feasible alternatives in many use cases, such as when wanting to escape the dominance of Google with an existing device that has regular consumer hardware, particularly those that are already in the budget segment. Being able to install a new OS on any phone would be awesome, but sadly there hasn't been an effort, legislative or otherwise, to ensure that it's possible - right to repair seems to address some of the hardware aspects, but i've seen nothing like that for software (like mandating the use of open bootloaders and for manufacturers to publish drivers).

> Or, make a sacrifice yourself and develop the missing support for the phone you fancy.

This isn't feasible either, since many people like me simply won't be smart enough to do so, won't have the time to do so due to their current life responsibilities or both. That suggestion is good in spirit, but is not something that can be suggested to the common folk as genuine advice.

> I for one am happy they exist and will be glad to shell out 8-9x as much money for a promise of better privacy.

I am happy that you are able to do that and my hat's off to you, since "voting with your wallet" is indeed a good option. However, short of supporting a few content creators on Patreon, i'm unable to afford to live like that.

Buying expensive hardware like that would mean that i'd have to sacrifice any sorts of savings/investments that i could make that month, and it would cost a significant chunk of my salary (which is around 2000 euros after taxes per month). It's reasonable when you have decent savings or income, but that's not my situation and that's not the situation of many people out there.

> There is no reason for having a load of tracking on your phone, it is there just because its OS was developed by an advertising agency.

Ergo, that reason is the current stranglehold by the dominant powers that be within the industry, lack of interest/motivation for any of them to provide more open solutions and perhaps something to do with the reasons behind why AOSP can't just be a drop in replacement for Google's Android offering that could just be installed in ~15 minutes and would just work (consider migrating PCs from Debian to CentOS, or vice versa, which often works like that).

I applaud the efforts of people like you and others who invest in these technologies, but for the rest of society, we'll just have to wait and see how things play out, perhaps buying the budget devices when they become available. In that regard, ARM architectures overall seem to be promising, maybe some day all of what i'm saying no longer will be relevant in any way.


I see your point, I'm just saying that for many people viable alternatives already exist. But I understand completely that not everyone can (or is willing to) make the tradeoffs needed.

Btw, I hear FairPhone 3+ with e.foundation OS is a good choice too, if you want to avoid Google but still need Android. No first hand experience though, and it's still a few hundred euros.


That just seems like bad luck -- if your phone is even somewhat popular, there's going to be a XDA forum dedicated to it. I used to have a LG L90, a low-end phone bought for ~€120 that was by no means "flagship hardware". The phone shipped with Android 4.2, which was then OTA-updated to Android 5. Thanks to Cyanogenmod and later LineageOS, I managed to install Android 6, 7, and 8 as they came out, and only stopped using the phone after it physically broke down.

Ulefone doesn't seem to be that popular -- it's not even listed among phone brands on the XDA forums (https://forum.xda-developers.com/all-forums-by-manufacturer). If you want to have a €100 phone with LineageOS support, you definitely can (and do note that the LineageOS website lists only the "officially" supported models, not the community ports).


You can choose an alternative phone next time… just because you have a poorly supported phone doesn’t mean these options aren’t alternatives for you. Just that they aren’t free (as in beer).


It looks like you can get a used Pixel 3a for ~$100: https://www.ebay.com/sch/i.html?_nkw=pixel+3a&_sacat=0&LH_Ti...

(this is US ebay, but I assume prices are similar)

I think Calyx still supports Pixel 2, but you've got to trade off the likely length of continuing support against price, of course.


I specifically bought a Pixel 3 recently because it had LineageOS support. Never again will I buy a phone that's locked into the manufacturer's Android releases.


Ironic a bit.


I've been thinking about getting away from proprietary Google Services and their backdoors, but the one thing that's holding me back is Google Pay (NFC payments). It's way too convenient and I'm unwilling to give it up. Is there an open-source replacement/reimplementation maybe, or something like a way to run the original proprietary app with MicroG? What about other apps that require SafetyNet?

(Important note: I'm not from US)

(Google's data collection isn't much of a concern for me anyway because I block all ads and analytics — so even if they do collect something, they have no way of showing me ads)


There are some banking apps that use their own NFC implementation instead of Google Pay -- my bank used to do this before they caved and switched to Google Pay.

As an alternative, you may get a Curve card (https://www.curve.com/) to regain some of that convenience -- it can connect to several physical cards just like Google Pay does, but itself is a physical card.


NFC is perhaps two seconds more convenient than a chipped card. Two seconds is worth the price of living in a panopticon?


It is 2 seconds if you're paying less than 1000₽. With a physical card, you have to enter the pin if you're paying more. You only have to unlock the phone before tapping if you're using NFC.


Have you thought about looking in to the problem yourself, or maybe just throwing some coffee money at the devs who are?

I'd argue you should still be concerned about data collection even if you're successfully blocking ads. It doesn't worry you that some super-powerful faceless corporation tracks your every move in the real world? It's one of those things...it won't be a problem until it is ;-)


It doesn't really track my every move in real world either — I removed the location permission for the Google app and disabled the creepy as hell location history a while ago. It doesn't track anything at all in the virtual world because I have third-party cookies disabled and run ad blockers on everything I own.

> Have you thought about looking in to the problem yourself, or maybe just throwing some coffee money at the devs who are?

The problem with this particular thing — making a free software, non-Google NFC payment app — is that it's a regulatory hell and requires partnering with banks. No way an individual would be able to pull this off. Also probably no way to keep it open, I'd be surprised if there are no NDAs involved.


I really want a Librem 5.

I ordered (and paid for) one in October, 2017. It might ship in October or November of this year.


I think of a prepurchase from Purism as something halfway between a purchase and a donation. They're truly doing the work that needs to be done, and I'm happy for them to take my money.


Even with Graphene OS you’re still using a phone that has a proprietary modem which has its own hidden CPU that acts like a black box. Who knows what it does or if it can read main memory.


Don't let perfect be the enemy of good and always evaluate solutions against your threat model.


I'm not smart enough to know what some of these words mean or if this guy is being truthful, but I found this comforting to read as a GrapheneOS user:

https://grapheneos.org/faq#baseband-isolation


This is a good start for taking back my privacy. Have been considering purchase of Librem phone.


I emailed massnotifyhelp@mass.gov to ask why the app was on my phone, and I got the following response:

Hi [my name],

In order for MassNotify to be available to users in their phone’s settings, an update was made by Google that resulted in some users seeing MassNotify appear in their app list in the Google Play Store. Apologies if this caused any confusion.

The appearance of MassNotify in the app list does not mean that MassNotify is enabled on your phone. The presence of the app merely means that MassNotify has been made available as an option in your phone's settings if you wish to enable it. For more information about this, please see this help center article from Google: https://support.google.com/android/answer/10775533

You can see whether MassNotify is active by going to Settings -> Google -> COVID-19 Exposure Notifications. The “Use Exposure Notifications” toggle at the top of the page will show you whether MassNotify is active or not. From this screen, you can also enable or disable MassNotify at any time.

If you have any further questions about this, or anything else related to MassNotify, please don’t hesitate to reach out and we’ll be happy to help.

Regards,

[name]

MassNotify Help Desk Team

www.mass.gov/massnotify

For information about MA COVID-19 resources visit www.mass.gov/isolate


This raises an interesting point. Android subdivides much of its core functionality into various hidden "apps". Everyone's all up in arms about this, but I don't remember a similar outcry when the Covid-19 exposure API was "forcibly" added to the Google Services Framework. This isn't really any different from that, or any other OS update. I naturally agree that Google's remote-root is creepy and weird, but why is this the thing that's put a bee in everyone's bonnet? Is it just that an app in the app list is more visible? Won't this outcry merely encourage them to do things the less-visible way?


Likely because it's being perceived as a third party app that was just arbitrarily installed. At least it can be presented that way, which is enough to get the story to spread.

It's honestly not that far off from the truth. Just because google uses your phone as a personal playground all the time doesn't make this instance any more or less outrageous. If this is what it takes for it to be perceived as outrageous as it is, then fine.


Because it was done by the government, not just by Google. Yes, Google played a major role and yes, the tech companies do a lot of deeply concerning things on their own. But I was still taken aback that actual government software was installed on my phone without my knowledge or permission. It's a really bad precedent to set.

The fact that Google and the government worked hand in glove to do this doesn't make it less disturbing. Arguably it's more disturbing.


Precisely. That helpdesk answer is not adequate. Did Google push an app that the Mass dept of public health develops without MDPH being aware or approving that push? Or did MDPH know that google would do this?


Also because there's a substantial portion of our population that is radically opposed to anything that acknowledges the virus as anything but business as usual.


I think the real question is what mechanism allows them to push a random app to some phones? google play services is actively listening for remote installation requests?

that's essentially a remote-code-execution backdoor to all android phones?


>google play services is actively listening for remote installation requests?

Uh, yes? That is and always has been core functionality. You can click "install" on the Google Play website on your laptop and the app will magically appear on your phone, if both devices are signed in to Google. I triggered this behavior accidentally a good 10 years ago when I got my first Android phone, and it gave me the shivers - it really drove home the point that Google had root on my phone, not me.

In fact, this entire behavior is so normalized on phones we now have a special word for the process of downloading an app and installing it manually, the way we do on PCs: "sideloading".


That's not the behaviour of what happened here, where an app was downloaded without user initiation or intervention. There was no authorization from the user of the actions that were taken by Google or the app's vendor.


From a technical standpoint, it is the same. The phone maintains a connection to a Google server and listens for "authorized" installation requests - where "authorized" means "authorized by Google". When you click "install" on the Play Store on your laptop, you're not talking directly to your phone (how would that even work?) - you're talking to Google, who then speaks to your phone on your behalf.


> From a technical standpoint, it is the same.

Yes, of course, but this isn't a technical issue. Look at the webpage that this hn page references. When people say, "an app was installed on my device without my consent or knowledge," the exact method the device used to listen isn't important.

The first issue is that Google software allows non-authorized software installations. The second issue is that a government forced the installation of the app. The technical specifics are just implementation details.


This subthread is about the technical issue. The root comment asks "the real question is what mechanism allows them to push a random app to some phones?".


From what you've written, it appears that you are guessing as to the implementation details that correspond to the mechanism for pushing random apps to phones, which in this case means un-authenticated apps. There may be an entirely different method used than the standard push method from selecting an app on the website.


it could work with google cloud providing oauth and the phone verifying it's the same account.


A corollary of your question. If Google can lawfully install arbitrary apps on ordinary users' phones, can it also run arbitrary code on the personal devices of government officials investigating it for price fixing in the ad market?


"Arbitrary" is doing a lot of sneaky work here. You're implying that the law would somehow allow Google to manipulate investigators. But the law has broad allowances and exceptions in lots of areas, and competing permissions/denials that together weave specific allowances. There's little reason to think that the law couldn't allow app installation in general and also disallow either targeting of individuals or collection/manipulation of certain kinds of data.


>You're implying that the law would somehow allow Google to manipulate investigators.

Not the law. Google having root access on 2.5 billion android devices.

The law didn't allow Uber to greyball either. It did though.

This is a risk Google fully recognizes - it's why Google prevents f droid from updating apps one by one without user input. That's a privilege reserved exclusively for google play services.


Another question worth asking is "what is the governing law?" It is almost certainly contract law via Google's ToS. Government phones probably have different ToS, but government employees' personal phones have the same ToS we have.

If Google is asserting non-contractual rights, I'd like to know what they are.

Edit: I edited this comment because it was rude, and that was not my intent.


[Edit: the comment originally said their question wasn't implying anything] Of course you're implying something. If nothing else, you're implying the one might imply the other, and that the implication is worth attention.

The governing law that would protect people is a lot of things, and ToS is the least of it. The Wiretap Act applies, for example.


> ToS is the least of it

I'm afraid I disagree. Google running code on your phone implies it believes you have consented to that. That consent was not given in the app store, so it must have come from the ToS.

Consent is an exception to virtually every protection that exists: Wiretap Act, state wiretapping laws, the CFAA, and state computer trespass laws. Remember, consent is the difference between a home invasion and a dinner party.

So it seems that Google would have to cook up a pretty implausible stopping principle to argue that whatever allows them to do this does not also enable the hypothetical I described above.


If you've got a stock Android device you've obviously consented to Google running some code, and even updating to add new code after you bought it. On the other hand, apps are restricted based on permissions, and Google bypassing that would belie a consent theory.

You're making out like code is code and there aren't already existing lines and stopping principles, which just isn't true on its face.


> If Google can lawfully install arbitrary apps on ordinary users' phones

Of the partners in this, I think that the source of authority was almost certainly the other one. It’s not Google, but the State of Massachusetts, whose authority is likely involved.


That also means it's going to be hard to sue over this, because the courts where you might do so are part of the same Commonwealth that authorized the action. Even if you could get a case on the docket, they'd just say the magic words "sovereign immunity" and it would disappear.


> personal devices of government officials investigating it for price fixing

Anything in the name of "improving our services".


I thought this was well-known, Android is not private at all until you degoogle. Unlock your bootloader then install a ROM without Google Play Services such as GrapheneOS, CalyxOS or LineageOS.

You can consider installing microG also as an open-source minimal implementation of Google Play Services if some of its functionality is absolutely necessary for you to keep.


That doesn't fix the issue

ISPs mandate certain capabilities of the cellular modem + the simcards (remember java cards? that ran java? they still exist as simcards!)

Government RCE is still 100% on the table regardless of whatever software your phone is running


The factual basis of your assertion is absolutely true, but your attitude is unhelpful and defeatist.

There is a chasm between "a state actor throws an 0day at you" and "Google remotely installs an app on your phone". The latter is done at scale. The former is expensive, risky, and used relatively rarely.

If you're organizing a protest movement, it's totally reasonable to factor government 0days into your threat model. For more boring people, running GrapheneOS is a great way to reduce the attack surface they expose to the advertising and mass surveillance industrial complex.


it's not exactly a 0day if the ISP is communicating (through an intermediary) to a card the ISP gave you, that's just normal, inexpensive

And this is like, literally a state actor installing an app in this case?


In this case it requires the presence of Google Play Services. I'm unsure if there's any evidence that they can install apps without it being present.


It's hard to get good info on what capabilities it does have. Here's what I've gathered though I'd like to learn more:

Modems are often isolated by being connected via USB, or if on your SoC the modem has DMA then it's isolated via IOMMU groups.

SIM cards have to implement the E911 feature which allows 911 operators to toggle a cell phone into "stay online no matter what" mode.

Some SIM cards have additional apps installed on them, which allows attacks like SIMjacker and WIBattack.


Two datapoints:

1) http://ramtin-amin.fr/#nvmepcie, http://ramtin-amin.fr/#nvmedma (the two articles are separate but the first provides incidental context for the second) the iPhone 6 kinda maybe sorta didn't dot the Is and cross the Ts with the MMU side of things. So, USB is awesome in that the failure state is "probably can't RCE".

2) I read a comment on here, which I should be able to re-find, but hn.algolia is not cooperating, suggesting that the system design of a particular AGPS implementation (a few years ago) interposed the GPS in between the CPU and the cellular radio such that the GPS SoC could do HTTP requests to grab its almanac that all of Android, down to the kernel, had no idea about.

IMHO this level of security paranoia is at the end of the day a micro-optimization. For any given device, you're looking at maybe two or three dozen Things Containing ALUs™ (often buried inside subcomponents buried inside other things); one or two concentrations of several billion transistors; and an unknown proportion of manglement, incompetence, cost-cutting, internal compromise (because guarantee there's none), and Agreements™. Honestly: give up, and declare that whatever makes you feel better is enough.


Do any of the privacy oriented custom ROMs protect against that? I can't imagine their maintainers seeing code that just installs any app the ISP wants and be okay with it.


The problem is, it's usually cheaper the more things you can shove into the 1 hardware item, so you have your cellular hardware in the same chip as your CPU and GPU. Not much a ROM can do about this unless the chip itself supports disabling direct memory across the two items, + does it correctly, + doesn't allow it to be reversed from the other side, + you would also need the datasheet to find out how to implement this.

Generally why privacy roms don't support more than 1 or 2 brands total, I guess.

There are also platforms with strict division between the separate parts of hardware, à la pinephone and the librem5


Smartphones are usable without sim cards.


A core issue is that building Android ROMs is very difficult to do in a simple and accessible manner. The build systems generally all require enterprise server level of memory and a build can easily take hours. Every device has a unique configuration, imagine if every brand of laptop ran their own variant of Ubuntu. For most "ROMs" that you find on obscure places like XDA, the builds by random people across the globe are a much greater security risk than good first-party updates.


No different than, say, "Windows Update".

The entire "updates" culture is essentially RCE backdoor (botnet) functionality for "trusted" tech companies.

Consent, where it is actually explicitly obtained, never rises to the level of "informed". That's because even if a user "consents", she still cannot see what is in each update.


WU allows hardware manufacturers to silently install literally anything based on hardware ID matching and the only way to prevent that is to disable WU driver updates entirely (via GPC/registry).

In my case the maker of my motherboard installed a persistent “self-repairing” (i.e. difficult to uninstall) from yet another third party. Naturally, I will not buy a product from them (MSI) again.

Another way to put this is: windows update will install malware w/o user approval in the background.


You can probably turn that off from the BIOS. It's (unfortunately) pretty common these days, MSI isn't special for doing this.

It's a different mechanism from Windows automatically loading drivers and/or the vendor's malware when you plug in a device.


I think the difference is that I chose to install Chrome/Firefox etc, so I don't mind the automatic updates.

In this case nobody actually installed this app by choice!


Related question I'm not wrapping my head around:

How does the thing know you're a Massachusetts resident?

People who have the contact tracing setting disabled are reporting they still got the app, so the obvious answer seems not to apply.

Is it just getting installed on any device that enters MA? New England states are pretty small, and there's a lot of crossover, especially with states like Maine and New Hampshire, which wouldn't take this very well.

Or, if you have a layover at Boston's Logan airport, do you now end up with its contact tracing app?


Not a resident. I just found it installed due to HN. I am in MA at this time.... and have no idea when it was installed. (Of course I uninstalled it immediately)


If they're also hitting phones that were only in the state temporarily it must be using cell tower locations right? I use an always on VPN and it still auto installed (without opting in) but I have my E911 address set here so I'd have guessed that otherwise.


You have been able to install apps from your browser on the PC for years. I think this also works on apple?


Not exactly. On the Android store you can choose exactly which device to install an application on.

For Apple as far as I know the most you can do is buy the app on desktop and, if the device is configured that way, it will receive the new app. This means it’s limited to new purchases and by the device’s settings.


Ok, but my point was that on Android and iOS it is possible to install apps without touching your phone. This qualifies as remote code execution. You need your credentials for doing this, but google and Apple apparently don't need them.


Yes, but RCE is typically shorthand for “RCE by someone other than the owner of the device”


When I buy a phone, I'd like to think that I am the owner. I haven't rented it from the vendor or something.


That’s exactly what the vendor who owns it wants you to think…



Thank you, I've even used this functionality some years ago but didn't remember it existed.

I've since de-googled my phone and sacrificed some apps that require google services, but this whole thing shows (to me) that it was the right decision.


My guess is that it's the Play Store app itself that does this (com.android.vending). That app is responsible for both updating itself regularly and installing/updating other apps.

One possible way: There is a daily job run in the Play Store called "daily hygiene" that performs various configured tasks based on device state and device targeting. It would not be difficult to add some code to install this app for MA users, then push it with the next Play Store update. I am very unpleasantly surprised that this app was installed from a policy perspective, however.


They don't have to add any code or push a Play Store update or wait for a daily cronjob. Listening for remote installation requests is a core feature of Google Play Services. It is not a mystery how this was done.


So you keep "claiming", but where is this documented?


Isn’t there a feature from the app stores allowing for remote installation of apps?


It would be one thing to get a push notification asking if you wanted to install the app. But pushing this out silently is going too far.

It’s the scarier version of the free U2 album.


“… and I still haven’t found what I’m looking for on your phone …”


Google and Apple install tons of software basically without consent (OS updates), so an app being pushed like that is not surprising. It is worrying however that tech people don't seem to realize how great their tools are for totalitarian states, which push apps and spying much worse than this to their subjects. We really need to talk about users owning their devices and their software rather than leasing them. There is no device that allows users to control what it does, that's scary


You are explicitly allowing updates to be installed in the phone's settings. It is made painfully clear.

The question here is about what mechanism Google used to install an app, can it be disabled, and what other kind of apps Google is capable of installing silently on the devices?


The mechanism is google's so that point is moot. There should be a physical switch for updates just like some cameras have physical covers


This is just software updating software, so a switch would just be a token gesture, unless it wasn't, in which case you need to have the software be loaded from some ROM and the ROM only writable when the switch was activated, in which case that would be a fantastic device.


all diskettes used to have read-only locks


That's a good point.

But it also brings up the false sense of security, a floppy drive could just choose to ignore the switch and write anyways, just as the phone could secretly write the firmware.


... which does not actually make the medium non-writable but only acts as an indicator to the drive, which with the right firmware could just ignore it.


Most of the comments on that app as well as here are probably wrong. I'd suspect that everyone who had the app "installed without their permission" opted into the Android COVID-19 Exposure Notification program. This was deployed by Google as part of an update to Google Play Services.

When you go to your phone's settings with this update, there's an option to enable COVID-19 Exposure Notifications. When you turn it on, it prompts you for your location and will download your region's app that uses your phone's new capabilities to connect to the appropriate health authorities.

Massachusetts just opted into this program in the last couple of weeks. I'm honestly not sure why they did it so late - this would have been helpful earlier. Apple iPhones also have this capability, including interoperability with Android phones, and iPhone users in Massachusetts are also able to turn on this setting.

Now, if someone can actually prove that they didn't opt into the COVID-19 Exposure Notifications, then I'd be concerned. But my guess is they opted in when it came out, but there was no app for their region, so nothing was downloaded and the feature did nothing. Then, Massachusetts rolled out the app now and lots of people who configured their phones earlier in the pandemic got a new app. They granted permission for it, perhaps months ago.


I don't know what kind of proof you want, but I just looked at my phone settings after reading your comment. The exposure notification option is there and it's off. The region selection is grayed out because of it. Yet I got the app (uninstalled it after I saw this on hacker news).

I did get a notification when it got installed but I thought it was just a push similar to amber alerts. I didn't realize it installed something at the time.

Still, exposure notification was never turned on.


I'm in Boston and it wasn't installed on my phone (exposure notifications have always been off AFAIK). I'm on an old iPhone 5s, not sure if that makes a difference or maybe just specific areas? According to this, https://thesomervillenewsweekly.blog/2021/04/05/massnotify-a..., different cities were piloting at different times, although it all seems opt in.


The submission is specifically about a Google Play app being auto pushed, so being on an iPhone would certainly protect you from it :)


Also Boston area. I got a notification on my iPhone that I could turn it on


Same here. Never opted in, just checked and that hasn't changed. I hadn't even selected a region, so it shouldn't even know which invasive app to install, but I still got it.


Ditto. 10 minutes before I saw this post I declined the opt-in notification for exposure notifications, yet I still had the app.


I'm a MA resident and this app was on my (Android) phone...until a few minutes ago when I read about it on Hacker News, found it, and deleted it.

I have no memory of ever opting into the program you describe, and it isn't the type of thing I would normally do. It's possible I guess.

In any case, the way they did this is creepy. There was no icon for the app; I had to look in Settings/Apps & Notifications to find it. And neither the official state press releases nor the few local news stories about it mention that the app was installed without notice. They use vague, lawyerly language about how it can be "enabled".


> In any case, the way they did this is creepy. There was no icon for the app; I had to look in Settings/Apps & Notifications to find it. And neither the official state press releases nor the few local news stories about it mention that the app was installed without notice. They use vague, lawyerly language about how it can be "enabled".

This incident and your comment reminded me of a story Bezos mentioned in his interview about the time Amazon deleted 1984 from kindle. The analogy he made makes me wonder how can we compare what happened here to what Amazon did..

“Without any notice or warning just electronically go into everybody’s Kindle, who had downloaded the book and just disappear it…so it would be as if we walked into your bedroom in the middle of the night, found your bookshelf, and just took that book away”

19:48 https://youtu.be/SCpgKvZB_VQ


MA resident as well, what worries me more is that someone thought that this method of installation was a good idea and even more worrying is that they were also able to execute on it. It feels rather shady and nefarious the lack of public announcement on it. Shenanigans like this are how you get the populace to trust the local government less, which is the last thing this country needs.


It's actually great it's happened. It showed everybody that the government can install whatever they want on your phone without your consent and knowledge. In this case they decided to leave you the option to uninstall but in the future they might not and spy on you at will. Another reminder you are not the owner of your device.


> In this case they decided to leave you the option to uninstall but in the future they might not and spy on you at will.

Then they'll be just like Google, Fecebook, Amazon, etc, etc.


Which leads to the question: if anyone powerful or wealthy enough can take total control of your phone, how comfortable do you feel with that?

There are two routes here. One way is to deal with it the European way, i.e. to try to fix it by a legal framework. The other one is a technical solution like Purism, which is very far from mainstream still. The sooner people realize they have a problem, the sooner they start organizing to find a solution.


My kids really want an oculus but I absolutely refuse to let Facebook into our house, anymore than I knowingly have to; I’m sure they’ve weaseled in other ways I don’t know about yet.


I don't see anything bad with people not trusting their local government... Exhibit A


Maybe they shouldn't blindly trust it, but they should be able to hold it accountable.


Well, given that a significant percentage of citizenry is anti-vaxxer-level-stupid, there isn't much improvement over people trusting their local Government either…


Considering in a not too distant yesterday (pre-Covid) the "anti-vaxxers" were all liberal/granola types and now they are magically all conservative/racist types, perhaps you may want to re-assess your 2-dimensional view of the real world. I believe a cogent example was on the front-page of HN just a day or two ago, but IANYG.


"Not too distant" means only five years ago. The "anti-vaxxers" were people who lived in primarily white, primarily wealthy, primarily urban or suburban environments and who refused (usually) the MMR vaccine.

You don't find measles outbreaks in rural Mississippi. You find them in Washington, New York, and California. [1]

So it's pretty rich to label someone as an "anti-vaxxer" for refusing the experimental, emergency-use, mRNA jabs, when that person has never demonstrated even the slightest hesitancy about receiving or administering every other approved vaccine.

1. https://en.wikipedia.org/wiki/Measles_resurgence_in_the_Unit...


Labels like anti-vaxxer just seem to be weaponized propaganda to me. It’s a cheap, easy way to discredit someone you don’t agree with. Hopefully as time goes on and disparaging groups throw these accusations back-and-forth of each other, that it eventually dilutes their meaning and impact.


lol. I never mentioned the political leanings of the anti-vaxxer type; just that they are either very stupid people or misinformed by propaganda originating somewhere. it's interesting to see multiple downvotes on my comments from the folks who probably saw what's not written up there, just like you did. the "conservative/racist type" you said?

quick question: what made you put the labels conservative and racist together?

also, a liberal eating granola bar might be stupid, but their actions do not put anyone else in danger. an anti-vaxxer however is a risk to the society in that they are an active and potential host to a disease in circulation.


Wow, I thought I was someone who didn't get the app when I checked the icons but once I went into settings, there it was. I even have a NH phone number but live in MA.


Did you get vaccinated? If so, did you supply your email address related to your Google account on the form or enough other information to link the two? Did you read all of the related documentation? I wouldn't be surprised if they slipped somewhere on the form that you were agreeing to it.


I did supply my email but it's not a Gmail or Google for Work email address nor a domain tied to those. Exposure notification is clearly off. Still got the app.


There's even a standard for mobile operators to control the setting in your modem and update/install apps: https://en.wikipedia.org/wiki/OMA_Device_Management

I reverse engineered what this does in practice on pinephone modem (Quectel EG25G), for example, and there are pre-compiled binaries there for tmobile and vodafone that process their particular OMA DM flavors, download some configuration and code from internet and run it under root on the modem's SoC ARM CPU. (that's still isolated over USB from the main pinephone SoC, but obviously not good) It's also thankfully disabled by default, but if you google for oma dm android, you get reports of this protocol being used still.

Whatever it does on regular Android phone depends on how well it is implemented on android. Regular phones don't have two almost-isolated SoCs like pinephone, so oma dm client would probably run on the main SoC, and all depends on how secure that binary blob is or what it does/allows the operator to do.

Quectel software is a bit of a turd, so I wouldn't take from this that operators can run random code they make the device download under root user, using this protocol. Most proprietary software like this is pretty shit, so I wouldn't feel warm and fuzzy safe on random Android device either.


Can one use pinephones to collect these blobs, and then try to run them on Android simulator or whatever for more specific knowledge about operators' practices?


It's quite modem specific. You'll get more information just decompiling them.


I was about to say it might be through the carriers. I put a Verizon sim in my phone and I got a bunch of BS apps installed on my phone a few days later.


I just went through the Exposure Notifications flow on Android, and selected a region where it's not currently available (Arkansas). It displayed a message saying it wasn't supported in my region, and left the setting disabled. While it's still possible that your theory is correct, I certainly don't think it's the intended flow as of now.


I have no memory of opting in, I checked under Settings -> Google and "COVID-19 Exposure Notifications" was set to "Off", and the MassNotify app was still installed on my phone. It has no icon and the only way to find it is going to Settings -> Apps & notifications -> See all apps and it comes up under "Massachusetts Department of Public Health". Then when you go to the Google Play Store and search "MassNotify" or "mass notify" or even "Massachusetts Department of Public Health" (the exact name of the app), it doesn't come up in the search results. You have to go to "Manage apps & device" on the Google Play Store then scroll down to "MassNotify" which doesn't even match the name of the app in the other settings menu. This is pretty shady.


I just found this app and removed it. And I definitely did not opt into any kind of covid tracking earlier.

This app seems to use Bluetooth to track potential violations of 6ft personal space and notify people if someone from that list later gets a covid positive test. Whatever the noble goal is I do not want it on my phone, this is creepy!


When you opt-in, does it notify you of all the permissions the app will require?

- view network connections

- pair with Bluetooth devices

- full network access

- run at startup

- prevent device from sleeping


Virtually every non-trivial Android application has these permissions, none of which are even important enough for the system to prompt you for permission. The only interesting one is "pair with Bluetooth devices" which is how the Exposure Notifications system works.


Users expect to see the requested permissions.


All these permissions are granted without ever being shown to the user, due to being in the "other" category. If you install this app normally, Android will never ask you for permission, but just silently grant these permissions.


> The permission modal says this [0].

[0] https://news.ycombinator.com/item?id=27558825


On Android 6.0 (2017) and later, there is no permission modal if all permissions are in the "other" category, as they are in this case.

Android 6.0 introduced requestable permissions, where critical permissions had to be requested (and could be denied) at runtime.

At the same time it removed all modals for non-critical permissions.


"full network access" is a hugely important permission.

My cynical side believes that the reason for it not being as visible as other permissions is that platforms profit from the ad-driven app model, which itself heavily relies on an app's ability to access the internet.

That could also be why stock roms do not allow users to disable full network access on a per app basis. (...like, for example, the camera permission.)


It's actually not disableable because there are so many ways to bypass it.

For example, just trick a user into clicking a hyperlink to another app like a browser which does have full internet access, and you have successfully exfiltrated any data in the URL.


Seems like a weak excuse.

I mean sure, you could do that, but it would be complicated, conspicuous, tiring for the user and you would still only get one-sided occasional transfer. It could exfiltrate data, albeit suspiciously, but it wouldn't work for ads .. which are the likely motivating factor.

Other motivating factor may be tracking, which google and vendors want to do, but I'm not sure what the stance would be on others tracking their users.


Yeah, this also seems like the most logical reason to me. If your business depends on people seeing ads in apps, why give them the possibility to circumvent them?


I have no memory of opting in to this, but it was installed on my phone.

Updated to add: well I'll be, an hour after this comment and seeing the link show me that Mass Notification was installed, I was prompted to opt-in apropos of nothing.


If it makes you feel better (or worse) I specifically opted out and this app is installed


Another MA resident here. Never opted in and it still shows I'm not. The app was silently installed on my Android. There's no icon so I thought it didn't install at first, until I looked at my app list in settings.

I'm curious to know if there's any MA Android users that previously removed Google Play, and if they still have the app or not. My guess is no?


You can't remove Google Play in Android versions beyond 6, I believe.

You can only disable it


You can also flash a custom ROM and just not install gapps.


Sorry, I was referring to custom ROMs.


This speculation is 100% wrong. I checked for this app after seeing this and had it listed under updates available (it was installed already)

So I decided to check if I was in fact opted in and I was not opted in. Everything was off and this app was still installed without my consent. I do have automatic UPDATES turned on, but that shouldn't tell Google to just push whatever they want to me. You should probably edit your post saying your speculation is wrong.

I don't know what kind of proof you want, but I 100% never opted in.


lol, just got installed on my tablet. Wasn't there earlier.


This is a great explanation for what's occurring. I'll be interested to see what comes of all of this.

So far what I guess is:

- This is likely a government action via telco and not something done via Google* (*Unless they've opted into a program like the one you stated)

- These phones being affected COULD BE all Carrier Locked phones which have specific terms to allow such behavior.

To me, this is pretty clear cut violation of Google's Device update policy and could be considered Malware or stalkerware (by their definition): https://support.google.com/googleplay/android-developer/answ...

https://support.google.com/googleplay/android-developer/answ...

-----

I think we should all slow down on putting Google for full blame here and focus on Government abuse and overstep of powers.


"These phones being affected COULD BE all Carrier Locked phones which have specific terms to allow such behavior." I use an unlocked Pixel 4a on Google Fi and still got the app.


I can only speak for myself, but I checked my settings and the COVID-19 Exposure Notifications setting is set to "Off" and I still had this app pushed silently to my phone. What's even worse is there's no app icon for it on the device and it doesn't show up under your app list. I only knew it was on my device at all because I have auto updates turned off and it was in the queue waiting to be updated in the Play Store.


I never opted in, the setting for COVID notifications has always been OFF, and I still got the app silently installed on my Android phone.


I wasn't opted in. I have recently moved to Massachusetts, the app was probably installed during the last system update. I remember seeing a prompt after rebooting my phone to finish the update (this week, Pixel 3a) to enable contact tracing. I said no, but obviously the app had already been installed automatically, and apparently stayed.


To clarify: It's in your Google Account settings, not a separately broken-out setting that you see when you first bring up your phone settings, or at least it's that way on my phone.


You can be concerned by reading the top comment on this HN thread.


FYI: Google can remotely install/delete/alter any app on your phone without your notice if you have GAPPS installed, and they removed the option to disable it back in 2.* days.

This is very rampant in India. Operators keep pushing crapware like Linkedin app, clash of kings, etc for money from app vendors.


> This is very rampant in India. Operators keep pushing crapware like Linkedin app, clash of kings, etc for money from app vendors.

Are you using Mi phone?


Yes


It honestly baffles me that there are Android enthusiasts. My phone runs Android but it's not a good operating system.


I think it baffles me that there are enthusiasts that will defend either side as an absolute. I mean I get it, people tend to fall into tribal thinking. But sometimes you have to take a step back and remember that these are just gadgets.

Personally, I run Android. It is an OS. It is ok. Not great not bad. I don't really care what other people run, I just hope it doesn't treat them too poorly.


I certainly don't defend iOS and am unlikely to ever buy an iPhone. Overall I like my phone better than my previous phones, but Android is certainly designed so that manufacturers and providers can irritate their users on a whim leaving them with little recourse.


Don't buy a shitty phone and expect to get a good experience. Avoiding big brands like Samsung usually helps.


I like my phone, the Palm Phone, overall. Definitely the least annoying phone I've ever had, even less bothersome than my Windows Phones or flip phones of the past. I just find Android to have somewhat of a user-hostile design.


I wonder if this is the same functionality some carriers use to install their management app on your phone. For example, I've recently bought a second hand Samsung tablet.

I've reset it to factory settings and put in a Vodafone SIM. The next time I looked through the installed apps I saw some Vodafone Services app that I didn't install. It couldn't be removed either.

So clearly, either Google with play services or the carrier over the baseband modem can install apps without user consent.

Is there any way this can be avoided? Do open ROMs like carbonROM or LineageOS protect against this?


> The next time I looked through the installed apps I saw some Vodafone Services app that I didn't install. It couldn't be removed either

Are you sure that's an actual Android App and not just the SIM Application Toolkit[0]? On iOS these show up under the Carrier menu in Settings but on Android it shows them as if they were an app, even though it's something running on your SIM card (they are backwards compatible and show up way back on old feature phones).

https://en.wikipedia.org/wiki/SIM_Application_Toolkit


That's a very good point! I removed the SIM and the app was gone again. So I guess you're right, it may be installed on the SIM and not actually the device.


LineageOS without Google Play services (and if you want with microG) would not install anything from Google automatically.

Other comments mention embedded Java in SIM cards, that's possible, but I'm not sure.


I think it's far more interesting to think about what went wrong so that the MassNotify app actually displays as installed on these devices. All of the Android COVID exposure apps for US states are simply the Google Play Services COVID Exposure Notifications code with an icon, splash screen, and possibly some text. The idea is that you enable the setting by installing the app, but in this case it seems that rolling out the setting itself has caused the app to appear as installed. I wonder if there was a misconfiguration on the part of the MassNotify developer, which caused this. The push to devices enabling the setting is likely automatic on Google's end, so I doubt a human did a check to ensure the MassNotify app behaved as expected.

At the end of the day, there likely wasn't actually anything more than a package ID installed on user devices. It didn't opt anyone into exposure notifications, and it most likely didn't include any executable code.


This is not true. An app _was_ actually installed on my device. The device isn't rooted, but I have Developer Options enabled and I can see that the folder /data/data/gov.ma.covid19.exposurenotifications.v3 exists.

Logcat also shows that this isn't a Google Play misconfiguration where it would show details about an application as if it were installed. Executable code was installed and run on my phone.

    06-19 10:55:21.977  1192  1609 I ActivityManager: Start proc 10474:gov.ma.covid19.exposurenotifications.v3/u0a418 for service {gov.ma.covid19.exposurenotifications.v3/androidx.work.impl.background.systemjob.SystemJobService}

    06-19 10:55:22.032 10474 10474 D LoadedApk: LoadedApk::makeApplication() appContext=android.app.ContextImpl@bfaf057 appContext.mOpPackageName=gov.ma.covid19.exposurenotifications.v3 appContext.mBasePackageName=gov.ma.covid19.exposurenotifications.v3 appContext.mPackageInfo=android.app.LoadedApk@1f755d6
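
The kind of check made by hand in the comment above, as an added example (not code from any commenter or from Google): a parser for `adb logcat` threadtime output that reports, for each package installed during the capture, how quickly it first ran code and asked for network access. The sample log is constructed from the line shapes quoted in this thread, `com.example.notes` and `com.example.other` are hypothetical packages, and treating any start reason that does not end in "activity" as a background start is an assumption of this sketch.

```python
import re
from datetime import datetime

# logcat "threadtime" layout: MM-DD HH:MM:SS.mmm  PID  TID LEVEL Tag: message
LINE_RE = re.compile(
    r"^\s*(\d\d-\d\d)\s+(\d\d:\d\d:\d\d\.\d{3})\s+\d+\s+\d+\s+[VDIWEF]\s+([^:]+?)\s*:\s(.*)$"
)
PKG = r"([A-Za-z][\w.]*)"
# (event kind, logcat tag, message pattern); group 1 is always the package name.
PATTERNS = [
    ("installed", "BroadcastQueue",
     re.compile(r"act=android\.intent\.action\.PACKAGE_ADDED dat=package:" + PKG)),
    ("process_started", "ActivityManager",
     re.compile(r"Start proc \d+:" + PKG + r"/\S+ for ([a-z-]+)")),
    ("network_requested", "ConnectivityService",
     re.compile(r"requestNetwork for .*RequestorPackageName: " + PKG)),
]

# Constructed sample: modelled on the lines quoted in the thread, merged into one capture.
SAMPLE_LOG = """\
06-19 09:27:54.481  1689  1990 I PackageManager: Integrity check passed for file:///data/app/vmdl1074248108.tmp
[..]
06-19 09:27:55.649  1689  2530 W BroadcastQueue: Background execution not allowed: receiving Intent { act=android.intent.action.PACKAGE_ADDED dat=package:gov.ma.covid19.exposurenotifications.v3 flg=0x4000010 (has extras) } to com.google.android.packageinstaller/com.android.packageinstaller.PackageInstalledReceiver
06-19 09:27:56.301  1689  1990 I ActivityManager: Start proc 30673:gov.ma.covid19.exposurenotifications.v3/u0a450 for service {gov.ma.covid19.exposurenotifications.v3/androidx.work.impl.background.systemjob.SystemJobService}
06-19 09:27:56.539  1689 13571 D ConnectivityService: requestNetwork for uid/pid:10450/30673 NetworkRequest [ TRACK_DEFAULT id=1249, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED Uid: 10450 AdministratorUids: [] RequestorUid: 10450 RequestorPackageName: gov.ma.covid19.exposurenotifications.v3] ]
06-19 09:29:00.000  1689  1990 I ActivityManager: Start proc 31100:com.example.other/u0a300 for broadcast {com.example.other/.BootReceiver}
06-19 09:30:00.000  1689  2530 W BroadcastQueue: Background execution not allowed: receiving Intent { act=android.intent.action.PACKAGE_ADDED dat=package:com.example.notes flg=0x4000010 (has extras) } to com.google.android.packageinstaller/com.android.packageinstaller.PackageInstalledReceiver
06-19 09:31:10.500  1689  1990 I ActivityManager: Start proc 31200:com.example.notes/u0a451 for top-activity {com.example.notes/.MainActivity}
"""


def parse_events(log_text, year=2021):
    """Return (timestamp, kind, package, detail) tuples in log order."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # elided "[..]" markers, wrapped lines, other output formats
        date, clock, tag, message = m.groups()
        for kind, want_tag, pattern in PATTERNS:
            hit = pattern.search(message) if tag == want_tag else None
            if hit:
                # threadtime carries no year, so the caller supplies one
                ts = datetime.strptime(f"{year}-{date} {clock}", "%Y-%m-%d %H:%M:%S.%f")
                detail = hit.group(2) if hit.lastindex > 1 else None
                events.append((ts, kind, hit.group(1), detail))
    return events


def install_report(events):
    """Per package installed in this capture: delay until first process and first network request."""
    report = {}
    for ts, kind, pkg, detail in events:
        if kind == "installed":
            # several receivers get PACKAGE_ADDED; keep the first timestamp only
            report.setdefault(pkg, {
                "installed_at": ts, "start_reason": None, "background_start": False,
                "seconds_to_first_process": None, "seconds_to_first_network": None,
            })
            continue
        entry = report.get(pkg)
        if entry is None:
            continue  # package was already present before the capture started
        gap = round((ts - entry["installed_at"]).total_seconds(), 3)
        if kind == "process_started" and entry["seconds_to_first_process"] is None:
            entry["seconds_to_first_process"] = gap
            entry["start_reason"] = detail
            # Heuristic: a start for a service/broadcast means nobody tapped an icon.
            entry["background_start"] = not detail.endswith("activity")
        elif kind == "network_requested" and entry["seconds_to_first_network"] is None:
            entry["seconds_to_first_network"] = gap
    return report


if __name__ == "__main__":
    for pkg, info in install_report(parse_events(SAMPLE_LOG)).items():
        print(pkg, info)
```

Feed it a real capture with `adb logcat -d -v threadtime > capture.txt` and pass the file contents to `parse_events`; message formats differ between Android releases, so unmatched lines are skipped rather than guessed at.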


Here is an official page for the same app. Interesting what is the whole story.

https://www.mass.gov/info-details/enable-massnotify-on-your-...


Why do this at this late date? A year ago it would have been useful. Now, 59% of Massachusetts's population has been fully vaccinated. About 70% have at least one shot. A bit more pushing and they'll hit 80%, which seems to be about where the epidemic dies out for lack of new carriers.


> Why do this at this late date? A year ago it would have been useful.

Because it took time to develop, and now they just shipped it?

Maybe if the US had had a functional federal government prior to January then a national exposure notification app might have been developed, rather than relying on the states to do their own thing. Or not. But it's too late now.

I'm not a USAian so I don't know what the take-up of a federal government app would have been. Probably insufficient given what seems to be the ambient level of distrust and misinformation.

I've been running the UK/English NHS tracing app since the start of the second wave here, and I have no complaints. I'm happy with its approach to privacy, and that I've never had an alert from it despite living in a region with high covid incidence has been reassuring.


The US public has (ironically) a long history of being more wary about what their Federal government gets to know about them than the citizens of other nations.

A great example is the lack of any kind of proper federal identification service or registry, something that has been brought up several times over the past century and been met with mass public outcry. So instead we rely on social security numbers, which were literally designed to be bad at identification.

In general the status quo is that the states handle this stuff instead. Whether it be drivers licenses, school curriculums, road maintenance, and emergency responses to natural disasters. Pandemic response is no exception to this. Sure the Federal Government often provides funding and guidance but it's largely up to state governments to actually examine and enforce these guidelines.

The point I'm trying to get at here is a federal contact tracing app was never in the cards, regardless of who the President is. The President's powers are largely limited to transient international policy (diplomacy, tariffs, war, border control) and various congress approved Federal agencies.


> that I've never had an alert from it despite living in a region with high covid incidence has been reassuring.

Hm. Mandatory XKCD: https://imgs.xkcd.com/comics/tornadoguard.png


Isn't contact tracing actually more useful when the number of cases are reasonably low?


Only if coupled with a public health program that does something. We might reach the ring vaccination stage, where each case triggers contact tracing and testing and vaccination of all contacts and the people around them. That's how smallpox was wiped out.


> Only if coupled with a public health program that does something

Isn't that what this whole Massachusetts thing is a step towards? But my point is that the public health program can't really do something when there's thousands of cases, but the lower case count means this can be effective once more.


As far as I can tell, you can't ring vaccinate for this. 1) SARS-CoV-2 vaccines don't work after exposure. 2) You don't have exceedingly obvious symptoms when you become infectious. 3) IFR is not that high for most people, and if they care about that they are already vaccinated. Smallpox is very different in all of those metrics, making ring vaccination possible. Pulse vaccination might work better, but only with vaccines that majorly reduce transmission for quite a long time (BioNTech-Pfizer, Moderna, probably NovaVax), it's possible you would have to pulse J&J too often to be practical. Hopefully the original antigenic sin issue won't be so bad that re-targeting antibodies is not effective in most people, otherwise giving up on transmission control and trying to reduce deaths might be the only option, if new strains arise.


No idea, I'm not from there. Some interesting facts:

1. this is not active unless activated.

2. Apple too.

3. Not communicated to the users, especially, that an OS-level update is served as an app install.


Because that’s when the developers finally shipped?


funny thing is that California also had something like this but was disabled during this week.


Out of fear for a new, dangerous strain, perhaps?


Why do most of the things governments have been doing about COVID? Not because they work or make sense, most of their policies were undermined by data showing ineffectiveness a long time ago.

They do these things because they can.


a government installing a software without notice or consent onto their population's devices is not something a healthy functioning democracy does, it's what a psychotic paranoid despot does. if the Mass Gov truly wants to minimize harm this is the opposite of what needs to be done. all this will do is drive conspiracy theories and deepen a very legitimate mistrust in the institutions that plague the USA (which helped give rise to people like donald trump)


>"if the Mass Gov truly wants to minimize harm this is the opposite of what needs to be done."

where is the actual evidence for this? Both Taiwan and South Korea deployed massive, digital tracking efforts to respond to covid often at the cell-provider/ infrastructure level so the entire population was covered whether they wanted to or not.

Nothing about this was despotic or paranoid, it was simply the correct, swift, and strong response to the situation at hand. Until half of Americans have voluntarily installed a tracing app on their phone, if they even know how to do it, we're five years into the pandemic.

Defaults matter. There's a nice example from organ donations in a study conducted by Johnson & Goldstein[1]. When you ask people to opt-in, even if you send everyone a letter personally, only 30% do. When you switch to opt-out, 90% stay in without any resources expended. I would like to think the first obligation of a healthy democracy is to the health of her people. What gives rise to despots is governments failing exactly at that, providing essential functions, being hamstrung by excessive checks and mistrust.

[1]http://www.dangoldstein.com/papers/DefaultsScience.pdf


It's the power of defaults that make them easy to abuse. To the point of that study, Richard Thaler who has studied the subject extensively argues more easy mandated choice (i.e. you have to make a choice one way or another when you sign up for a drivers license). Opt-out is a sufficiently powerful default that it's reasonable to assume that many never made an actual reasoned decision to do so. For trivial matters, it may not matter much, but in the case of something like organ donation families can and have argued successfully that the deceased never actually made a choice in the case of opt-out.


defaults absolutely matter, which is why surveillance being the default is deeply troubling to me. I do not care what the justification flavor of the day is, it's not a good trend to normalize. all it takes is another donald trump type figure to abuse this for evil. hell even a 3rd party could if this was implemented poorly, which is an all too common occurrence.

In the USA, nothing is more permanent than a temporary government program, keep that in mind.


Critics of the current US administration have been labeled as white supremacists and terrorists. Many of them are currently held in solitary confinement. Most are held on the misdemeanor of trespassing in the Capitol Building.

>"...was beaten by a prison guard and left with permanent eye damage."

https://www.washingtonpost.com/nation/2021/05/13/capitol-rio...

https://www.politico.com/news/2021/04/19/capitol-riot-defend...

That's the current climate surrounding a single politically charged incident. There's a long history of abuse, from the COINTEL program, extraordinary rendition, torture and current events. Yes, we should absolutely be concerned - regardless of the partisan takes.

>"...Arar protested that he only had a casual relationship with Almalki, having once worked with Almalki's brother at an Ottawa high-tech firm..."

https://en.wikipedia.org/wiki/Maher_Arar

https://en.wikipedia.org/wiki/COINTELPRO


In Taiwan, the system is based on everyone sending a message to the government when they enter a shop or work site, and then if an infected person passed through the same site, the government will send a message to warn you. It doesn't need anything installed and it is optional (although shops will refuse to offer service...)


You are merely arguing that it was worth it because you agree with the goal, not that it wasn't despotic or paranoid.


it was neither despotic nor paranoid. Paranoia is an irrational or delusional bout of fear. Thinking the cleaning crew in front of your house is secret agents trying to kidnap you is paranoia, taking measures against a pandemic is not, because the pandemic is real and deadly. In the same vein, despotism is the tyrannical and arbitrary exercise of power, not merely the exercise of power towards legitimate ends.

In fact if anyone is paranoid then it is the public every time the issue of governance and technology converge, because in particular in the US there exists a phobia both to technology as well as government.


> taking measures against a pandemic is not, because the pandemic is real and deadly

The existence of a problem does not imply that any measures taken to address it are reasonable. Child pornography is real. Should the government secretly install an app that scans your photos and reports you if it finds anything suspicious?

> because in particular in the US there exists a phobia both to technology as well as government

Surreptitiously installing tracking apps is not going to help with that.


Someone should archive a copy for reversing. One comment says it has "permission to utilize all device functions".


It doesn’t. All it can do is request Google Play Services to enable distributed covid exposure notifications, which in turn means the app itself doesn’t even get bluetooth beacon data.

Your calculator app has more tracking than this.


One comment also says that it's a Communist conspiracy.

Over in reality, though, the only permissions it has are to use the internet and bluetooth: https://hastebin.com/yexoyuluzu.xml


I would imagine you can get location by getting in range of those edison beacons google is pushing.


They bundled bluetooth and location permissions not long ago. Claimed their users were too ill-informed to know the difference.


Are you sure about that? Previously they required the location permission to scan for nearby bluetooth devices (because of the obvious implications). Recently they've split that into its own separate permission. Is that what you're thinking of?


Yes, that is it. I did notice it's not the case anymore, but do you know if they admitted error with the change, or gave any kind of motivation?

I think that in this context, this previous issue is relevant.


Were you just guessing their motivation before, when you wrote "Claimed their users were too ill-informed to know the difference."?


Not guessing no, but I distilled what they said unfavorably. My understanding was that they thought they could not communicate to their customers the complexity of how bluetooth can be used to infer information about location. But somehow this communications barrier meant that they thought it was better to expose GPS data too? - Hence why I feel justified treating them unfavorably in this case. It was just an absurd way to reason that they presented. It should have been obvious that it's better to protect as much data as possible when the user often has no choice but to enable bluetooth.


If it works like all the other covid tracking apps it just records randomized bluetooth beacons emitted by all the phones near you.

You can get location in a ton of ways, but I doubt the OS will let you without the proper permission.


Google is fucking evil nowadays.

The "Don't be evil" days are far gone.

https://en.wikipedia.org/wiki/Don%27t_be_evil


Calling installing a contact tracing app (which really is just a small wrapper over the existing Exposure Notification API) as "fucking evil" seems like a bit over the top...


I disagree, you paid money for your device, you own it. Whatever they want pushed should come with a notification.


Can you point me to the github repo so I can review the wrapper code? 'cuz I trust the government since they are so sane these days.



People are scared of the privacy implications of tracking. They should be, but they don’t have to be.

If I had any ability to execute ideas I would have made the app using raffle / cloakroom tickets as the metaphor.

Every time your phone sees another phone, they get one of your tickets and you get one of theirs.

Then whenever someone gets symptoms, if their ticket book was pink then the government announces “anyone with a pink ticket, stay inside for a week”.

(With real ticket books, there aren’t enough unique colours for everyone but the tickets do have unique serial numbers.)

https://www.feteandpartygameshire.co.uk/wp-content/uploads/2...


> Every time your phone sees another phone, they get one of your tickets and you get one of theirs.

This is exactly how the German app works. It broadcasts anonymous Bluetooth beacons, and logs whatever beacons it saw.

If you are infected, your app sends to the server "I saw these beacons then found out I'm infected", and the server updates its live infection list.

The one in Play Store uses Google Exposure Notification Framework of course, but a de-Googled version is on F-Droid: https://f-droid.org/packages/de.corona.tracing/


Well well well. Looks like all my fears have been fully realized. Please tell me more about how unrootable devices are for my own good.


Bootloader unlockable is sufficient to replace the OS. Rooting is likely to die in the near future now that Google hired the Magisk dev.


It's an open source project. Someone else will pick up the baton.


Interesting. I started getting the COVID exposure opt-in message a few days ago. I've declined both times it's popped up (it's already too late to be contact tracing, no need). This app is already installed on my phone apparently despite declining to opt-in.


I don't think it will happen or that we particularly need to do it, but at this point, contact tracing (I'm talking about in the US) would be cheap and effective.

Especially if it traced back to likely exposure events.


I'm already vaccinated and so is everyone I'm around. It's something I would have enabled maybe 10 months ago but not even worth it at this point


Yeah, vaccinated people wouldn't benefit much. Other people would though.


I too found this after reading about it here. I contacted them and received the following reply.

> Exposure notifications cannot be enabled without user consent, so if you have not turned MassNotify on, then it is not active on your phone. However, a recent Google update, which makes MassNotify available as an option in your phone's settings, is causing some users to see MassNotify in their app list. Apologies if this caused any confusion.

>

> The appearance of MassNotify in the app list does not mean that MassNotify is enabled on your phone. The presence of the app merely means that MassNotify has been made available as an option in your phone's settings if you wish to enable it. For more information about this, please see this help center article from Google: https://support.google.com/android/answer/10775533

>

> You can see whether MassNotify is active by going to Settings -> Google -> COVID-19 Exposure Notifications. The “Use Exposure Notifications” toggle at the top of the page will show you whether MassNotify is active or not. From this screen, you can also enable or disable MassNotify at any time.


I'm an MA resident and feel a bit deceived that I agreed to the exposure notification feature last night. It was late when I received the push notification, and I agreed to enable the feature not fully realizing a new app would install (which was me not thinking clearly, but I was literally lying in bed trying to sleep).

Now I don't know how to uninstall the app... I can disable exposure notifications, but it appears to be a built-in app I can only see in settings, not on the home screen. Am I missing something? The language is confusing too: "Your iPhone is not collecting or sharing exposure notification data with anyone." It is not collecting data with anyone? Or it's not collecting data at all? Either way you parse that sentence makes no sense to me. This app is also not listed under the Location Services app list, which seems strange... How else would this app work other than by tracking your location?

Anybody know how to uninstall this easily?


This is very inconsiderate.

For example, depending on your cell phone plan, data transfer may incur high costs, especially when roaming etc. Therefore, owners of cell phones may be interested in limiting it to the absolute minimum.

As I see it, this consideration by itself already should have prevented this automatic installation.


Automatic app installation and updates will only trigger when charging, not in active use for >90 minutes, and on a wifi network that's not set as metered


the app doesn't use any data, just a bluetooth connection for exchanging keys with nearby devices, and wifi for downloading the keys published by people who tested positive
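The flow described in this comment, and in the raffle-ticket comment further up, can be simulated in a few lines. This is an added sketch, not part of the original thread and not code from any exposure notification app: the `Phone` class, the HMAC-SHA256 derivation, the 10-minute interval and the two-interval threshold are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

INTERVALS_PER_DAY = 144   # sketch parameter: one identifier per 10-minute interval
MIN_INTERVALS = 2         # assumed threshold: ignore contacts shorter than this


def rolling_id(daily_key: bytes, interval: int) -> bytes:
    """Identifier broadcast during one interval (the "ticket").

    HMAC-SHA256 is a stand-in for this sketch, not the derivation a real app
    uses. The property that matters: without daily_key, identifiers from
    different intervals cannot be linked to each other or to a person.
    """
    msg = b"rolling-id" + interval.to_bytes(4, "little")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]


@dataclass
class Phone:
    name: str
    daily_key: bytes                            # stays on the phone unless the owner uploads it
    heard: dict = field(default_factory=dict)   # rolling id -> set of intervals, kept locally

    def broadcast(self, interval: int) -> bytes:
        return rolling_id(self.daily_key, interval)

    def hear(self, beacon: bytes, interval: int) -> None:
        self.heard.setdefault(beacon, set()).add(interval)

    def check_exposure(self, published_keys):
        """Re-derive identifiers from published keys and match them on-device."""
        matched = 0
        for key in published_keys:
            for i in range(INTERVALS_PER_DAY):
                # Require the same interval, so a beacon replayed later does not count.
                if i in self.heard.get(rolling_id(key, i), ()):
                    matched += 1
        return matched, matched >= MIN_INTERVALS


def meet(a: Phone, b: Phone, interval: int) -> None:
    """Two phones in Bluetooth range swap the identifiers valid right now."""
    a.hear(b.broadcast(interval), interval)
    b.hear(a.broadcast(interval), interval)


def simulate():
    # Constructed sample keys; real keys would be random per phone and per day.
    alice = Phone("alice", bytes([0xA1]) * 16)
    bob = Phone("bob", bytes([0xB2]) * 16)
    carol = Phone("carol", bytes([0xC3]) * 16)
    dave = Phone("dave", bytes([0xD4]) * 16)

    for interval in (50, 51, 52):   # bob spends three intervals near alice
        meet(alice, bob, interval)
    meet(alice, carol, 60)          # carol only passes alice briefly
    meet(bob, carol, 70)            # contact between two people who never test positive

    # Alice tests positive and chooses to upload. The server receives her daily
    # key and nothing else: no contact log, no location, no identity.
    published = [alice.daily_key]

    return {
        "bob": bob.check_exposure(published),
        "carol": carol.check_exposure(published),
        "dave": dave.check_exposure(published),
        "server_holds": published,
    }


if __name__ == "__main__":
    print(simulate())
```

The server never learns who was near whom; each phone downloads the published keys and does the comparison itself.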


How is this different from any update program, like windows update or Ubuntu update, installing software/upgrades whenever you get updates?


"Automatically update the programs I currently have installed when new versions are available, with a flag to disable this behavior" vs. "Arbitrarily install new programs from scratch via a separate mechanism that doesn't respect the 'disable automatic updates' flag"


Windows Update pushes all sorts of junk. At some point, Nadella must have realized, "Shit, Windows users put up with years of adware on their computers in the 90s and 00s. We're leaving money on the table by not taking advantage of this!"

Ex: In 2019, Microsoft added a shortcut Win+Ctrl+Alt+Shift that when pressed, brings up an advertisement to buy MS Office, which I have no use for, and you need to edit the registry to disable the shortcut. I already gave MS thousands of dollars for the laptop, you'd think they could leave me alone if they want me to buy another one.

Although at least with Windows, you can remove most of the damage yourself, which is more than can be said for Android. Quite honestly why does the Computer Fraud and Abuse Act exist if manufacturers remain free to abuse your machines at will?


the difference is that there is a fundamentally different power dynamic, you can just not do business with microsoft, you can't do that with the government.


I think some of the "consent" norms we are building up are a double edged sword.

Ooh, it's good to reinforce the idea that users need freedom.

OTOH, "consent" isn't really an informed consent. It's pages of TCs, UI antipatterns and take-it-or-leave-it choices. In practice, I don't think consent is genuinely increasing user sovereignty. It's more about disclosure than consent, currently. Human centIpad stuff.


We were held indefinitely inside, denied freedom of association and travel, the social media companies went berserk censoring anything that didn't fit the narrative. The restrictions were sometimes contradictory or made no sense or worked and nobody cared to check which were which.

And somehow installing an app without asking is surprising and a problem. You have already been through far worse in the last year.


I'm an Android user in MA and I don't seem to have this app installed.


You need to go to the Google Play store page for the app to see if it's installed: https://play.google.com/store/apps/details?id=gov.ma.covid19...

The app will NOT show up on your App drawer.


Apple got rid of the need for a separate app in iOS 13.7 https://developer.apple.com/documentation/exposurenotificati...


This app is silently installed even for users enrolled in Google's Advanced Protection Program.

https://landing.google.com/advancedprotection/


Mass Notify info: https://www.mass.gov/info-details/enable-massnotify-on-your-...

Posting the link for its relevancy only.


Yeah I noticed this on my phone yesterday. And I only noticed it because I have auto updates disabled for the Play Store and it was asking for an update. When I searched my installed apps list (both in the phone settings and in the Play Store), it did not show up. So not only was this silently installed on my phone without permission, it was hidden from me even seeing it was installed.

Some have speculated that this may only be happening to people who mistakenly (or purposefully) turned on the COVID-19 Exposure Notifications in the Google Settings. But I confirmed that that setting is turned off on my phone and the app still installed silently on my device anyway.


update: just checked my wife's phone and there was a notification asking if you want to be part of the exposure notification. Clicked NO and checked the apps- the app was already installed even though I said no. Epic fail for MA gov.


Same here. The app was silently installed on my phone even with the Google Settings for COVID notification still showing it as being turned off.


It is done silently using "INSTALL_ASSET" and "REMOVE_ASSET" directives. Both are implemented in Google Play Services. No user interaction ever needed.


And to think I was upset that I couldn't uninstall Facebook from my Galaxy S10 (only 'disable it', for whatever that's worth) and got rid of that phone yesterday. I mean, I paid $700 or so for an unlocked phone and I can't uninstall the biggest piece of spyware in modern history.

This kind of stuff is out of control and consumers need to seriously stand up to this in court.


of course anyone following the details of covid understands that contact tracing is useless with high cycle PCR testing, asymptomatic spread, and widespread infection rates. contact tracing has been shown to be ineffective and a waste of resources since it was tried in the very beginning. but govt continues to dump money and create regulations into this folly.


From what I've read (I don't live in Massachusetts), the app is installed via the auto update channel, but it explicitly asks permission to activate.

If you think this is bad, the commercial apps that have been auto-installing for years, without notifying the user, should have you throwing a conniption.


I live in MA, i had no prompt asking me to activate this at all. it was silently installed without any notice. this isn't an auto update, this was an unsolicited app install.


Same here.


I also see lots of comments that it doesn't create a visible icon, that you have to go to the applications list to see it. That seems shady.



I tapped on the developer link on the app's main page in the mobile Play store on my phone, and it said no results found. How can that app be in the store of a publisher that doesn't exist?

pub:MA Department of Public Health

No results found.


Eventually there will be laws preventing the horrible things smartphone OS vendors do (or alternatively, a practical end to democracy) but in the meantime you should avoid smartphones.


Just to be clear, if you do nothing, then some code gets installed but no bluetooth messages are sent or received right? And by default covid exposure notifications are off?


This is exactly why I hate all the "app stores". The idea that anyone can just decide to install an app on my phone prevents me from using anything touched by google.


I suppose Google didn't consider that this would further fuel anti-mask/vax conspiracy theories and further harm efforts to eradicate pandemics and viruses.


Similar to UIDAI contact being added in India with consent


It has 167 reviews, but they seem to be hidden.


The problem is that you don't opt in to COVID-19 exposure notifications. It was enabled by default. I disabled it as soon as I found it. I just checked for the app and it's not installed on my phone.


Had it on both my phones. Would not have known except kept getting alerts and someone told me to check my app list in Settings. Outrageous violation. Like being in communist China.


How about just wearing a mask ?!


"...gives itself full permission to utilize all device functions"

Is that right?


Where does it say that?


In one of the reviews[0]. The permission modal says this though:

- view network connections

- pair with Bluetooth devices

- full network access

- run at startup

- prevent device from sleeping

[0]https://play.google.com/store/apps/details?id=gov.ma.covid19...


Remember when this was being actively debunked as a nutty conspiracy theory?


Just the thought of Google being able to do something like this scares the $&@*#% out of me. How on earth can you trust a company that does something like this?


Next thing you know... they will change your Nest settings if they think you set your air conditioning too cold!


The justification will have something to do with being more carbon neutral or something.


[flagged]


Everyone trusts Google, whether they like it or not. This is the definition of trust that security operations use: A trusts B if B is capable of doing something nasty to A.

Google has a heck-load of money. They could pay a disreputable aggregate company to deliver a load of tonne-bags of gravel to my front garden, blocking my car in, and generally destroying the landscaping. I trust them not to do this, and the reason this is true is because I haven't taken 100%-effective steps that would prevent them from doing so, and therefore they are capable of it. This example may seem a little ridiculous (there are no 100%-effective steps I could take, and I think they're trustworthy on this particular score), but it is a technically correct example of how everyone trusts Google.


In this case you also probably trust the legal system to let you sue Google when they do this.


That is a pedantic and useless definition of trust.


To be fair, that's trust in the security sense, fairly widely used in those circles.


This is a bad example.

Putin or Kim Jong Il or Brad Pitt could also pay to get gravel delivered to your address. You have not taken any specific 100% effective steps to prevent them, any more than you’ve done with Google, right?


Everyone running android play services on their phone has to trust Google, right?


Many might not have a choice. If you need a SmartPhone and can’t afford an iPhone, you’re out of options. Most of the apps people actually need have to be installed via the Play Store.

You basically get a (more) privacy-focused OS from a luxury brand or you get your OS from an advertising company.


They can run an ungoogled ROM, like LineageOS.


I don't, but I have no other alternative that feels better to me.

1. Buy a standard android but spend ages trying to de-google it.

2. Buy an iphone, but then I just have to trust another trillion $ company, and pay much more too.

3. Live my life without a phone.

I choose 1 because that seems the least worse option right now.


For one, I don't. But since having a smartphone is mandatory, I have one.


To some extent, but this is beyond what is acceptable. Even if this is to support COVID notifications. Any install on an unmanaged device should be asking for permission to install something, unless you opt-in or something.


Is it possible to remove Google's remote administrator access on Android devices?


It's part of the Play Store. You'd need to install a non-Google build of Android (e.g. LineageOS) which doesn't include Play Store/Services, which also means you can't download apps etc from there.


You can use a 3rd party client like Aurora store to download apps from Google Play. However, it's better to get them from an alternative source like F-Droid if possible.


Who cares... Google could just as easily slide spyware into your phone. This is an openly visible app. What's so egregious about this


Apparently it is not so open and visible, that is the problem.


There should be a theorem that says a society will either drift into trustless oppressive state that imposes a functioning order by force or evolves a dense graph of trust relations where changes improving collective welfare propagate without friction.


Innovative, contact tracing? Just google it. My guess is all the user reviews with 'real names' are from Massachusetts? ¯\_(ツ)_/¯


Governments around the world have already started to pilfer data collected from these apps, as was predictable. [1]

[1] https://www.9news.com.au/national/wa-police-stand-by-decisio...


That's a totally different category of app though right - the ones using the Apple-Google framework don't share any PII.


That's not a distinction most will recognize, partly because believing this is true requires you to trust Google wouldn't share sensitive data with the authorities. They just proved they will happily push code to your device without notifying you at all, if they think it's for the greater good.


The app is just a fork of the German Corona-Warn-App [1][2]. From what I can tell only the UI was modified, the codebase seems to be still the same.

Honestly, pushing the app to users isn’t anything to worry about – and in fact something I’d have loved to see other countries do as well.

________

[1] https://www.coronawarn.app/en/ [2] https://github.com/corona-warn-app


The worrying part is that it was installed without consent.


Exactly. Is that even legal?


There’s nothing worrying about that. You get tons of apps installed without consent (including whatever spam your network provider pushes on you).

This app can actually save lives without sacrificing any privacy, pushing it to users is something that has no drawbacks.

The largest trouble for the German version of the app was that not enough people installed it. Choosing to install it automatically isn’t something nefarious under these circumstances.


> There’s nothing worrying about that. You get tons of apps installed without consent (including whatever spam your network provider pushes on you).

That is different. They are pre-installed and I can list them and disable them. They do not install suddenly by themselves months after buying the device. If they did so, there would be an outrage.

> This app can actually save lives without sacrificing any privacy, pushing it to users is something that has no drawbacks.

Yeah, "for our own good". Next time it would be an app that sends an alarm when an excon is near you. And next time it would be an app that sends an alarm when someone who shows dangerous opinions (ie. against government) is near you. No thanks, please unsubscribe me of this Chinese dystopia.


> They do not install suddenly by themselves months after buying the device. If they did so, there would be an outrage.

They absolutely can do that, and do that. For example, if you switch SIM cards, the phone can (and in some situations will) install whatever crap the ISP chooses.

In my case, inserting a SIM card from ALDI’s carrier used to auto-install some weather, news, and similar stuff. Luckily that stopped recently.

This can happen at any time, actually.

> Yeah, "for our own good".

Sometimes it is actually for your own good. I agree that it can be a slippery slope, but using the available means to save lives is sometimes necessary.

The only risk is governments not returning the power they got during this pandemic, but that’s more of a worry in 3rd-world-dictatorships.


> In my case, inserting a SIM card from ALDI’s carrier used to auto-install some weather, news, and similar stuff. Luckily that stopped recently.

Surely there is a prompt. I never had apps silently auto-install in my phone. If that is true, one more reason to go with the custom rom way.

> The only risk is governments not returning the power they got during this pandemic, but that’s more of a worry in 3rd-world-dictatorships.

In my life I've seen a lot of just-for-emergency-temporary-only laws that become permanent once the outrage subsides. In supposedly first world countries


> Surely there is a prompt. I never had apps silently auto-install in my phone. If that is true, one more reason to go with the custom rom way.

Nope, Google Play Services does this all in the background. The same happens if Google thinks you’ve reinstalled your device (e.g. by wiping the Play Services data) and it starts installing some of Google’s default apps again, without prompts


> You get tons of apps installed without consent (including whatever spam your network provider pushes on you).

So you are putting this app in the same category as spam, at least that's good.

> This app can actually save lives without sacrificing any privacy, pushing it to users is something that has no drawbacks.

I have an app that can save your life, trust me. And give me your email so I can send it to you ;)


> I have an app that can save your life, trust me. And give me your email so I can send it to you ;)

Great, send me the source code, I’ll get it released on f-droid and then I’ll install the f-droid version of it, just like I’ve got the f-droid and microG version of the Corona Warn App installed :)


So where is the source code for this tracking app?


The upstream from which this app is forked is at https://github.com/corona-warn-app/cwa-app-android, the fork itself is not publicly available, as far as I can tell.


Under any circumstances it is nefarious. Please allow me into your home and let me put up a painting of my choosing.


It is a slippery slope, the boundaries keep getting pushed, I think no one really cares about the app but just the fact that for some people it apparently is hidden installed.


> This app can actually save lives without sacrificing any privacy, pushing it to users is something that has no drawbacks.

This app might have absolutely no privacy leaks; honestly, it’s too early to know that yet. The code is not published; there’s been no public auditing of the backend data handling practices.

Given that, I see drawbacks.

I did not opt-in to the MA one when prompted on iOS (and it did not install [as far as I can tell]).


In my country, the government re-skinned the Singaporean open source covid19 app, which appears to be about the same thing as this one.

The government didn't install it in every phone, but they made it mandatory for business-owners to check that you have the app enabled if you want to enter their premises. Everyone needs to eat/shop, so most people were forced to install the app.

Every grocery store has a greeter at the door to check you have the app running, check your temperature, and squirt sanitiser on your hands.

https://www.tracetogether.gov.sg/


People just will worry about apps which suddenly appear on their phones without their action. And this is totally justified, as the chance that this could be something malicious is much higher than being something non-malicious.

Having said that, I totally agree that German government should have done more to push the Corona Warn App - but only in public relation terms. I totally think Corona Warn App does not live up to its full potential in Germany because it is not installed widely enough. But you just cannot do this by force.


>and in fact something I’d have loved to see other countries do as well.

Why are you wishing harm on people ?


Why are you? Since when is it justified to preinstall apps for tracking and advertising, but not justified to do this to save lives?


Pre installed (visibly) is a lot different than pushed and hidden installed, you really don't see that difference?


Gov is breaking into your house at midnight to sell face masks.


[flagged]


Luckily neither Scheuer nor Spahn were involved with the CWA. Check the source code, it’s actually really neat.

Doesn’t help with the rest of the fuckups, obviously. Significantly worse is that now everyone has started switching to the luca app, which actually is a dystopian nightmare as it stores everything on its servers, forever, and sells everything to ad partners.


A quick check reveals a few things to me: a) the only thing the CWA seems to do to "protect" privacy is to send fake queries from time to time, which doesn't remove the real ones b) its 16 years and up without parental consent which implies that it does not meet the privacy requirements for children and c) it involves Google, which is one dystopian tech company too much for my comfort.


Except, the Corona Warn App is the biggest crap that I have ever seen. Yes, the code is open and free and super transparent; morally superior. But what about the effectiveness of this app? Even the German officials do not mention this app since many many many months. The app was criticised from all sides due to lack of effectiveness.

Even the freedom-loving large news outlets published their opinions that they would have wished to see some sacrifice of those high morals for at least SOME level of effectiveness.

I have the app and it is a big piece of junk since day 1. My brother is a doctor and is using this app. He has regular direct contact with Covid patients. Do you know how many "high risk contact" notifications he has received since Summer 2020? Yes, you guessed it: 0.


The app was recently evaluated for effectiveness.[1] 110-230k people were tested positive as a result of a warning and therefore isolated. They found that it had about the same effect as the tracing efforts by all public health authorities combined.

[1] article in German about it https://www.heise.de/news/RKI-Schaetzung-Warn-App-hat-mehr-a...


These numbers don't seem to reflect the whole picture based on the data provided by the local institutions which show a rather small effectiveness.

See here (German): https://netzpolitik.org/2021/robert-koch-institut-widersprue...


The RKI estimates the contribution that the Corona-Warn-App makes to containment to be roughly as high as that of all health authorities together. [1]

I'm surprised your brother has not received any notifications. My partner is a doctor at a major university hospital and has been warned repeatedly to say the least. During the second wave, the Corona Warn App showed low or high risk warnings pretty much every week.

[1] https://www.heise.de/news/RKI-Schaetzung-Warn-App-hat-mehr-a... (German)


The Corona Warn App won’t give you a warning unless you’ve spent a minimum amount of time next to that person. In Germany, patients often spend only very few minutes near the doctors themselves. That may explain the lack of warnings.


> The app was criticised from all sides due to lack of effectiveness.

That’s because not enough users use it. About 10% of Germans have the app installed.

Massachusetts deciding to auto-install the app on every device is the logical conclusion if you consider those statistics.


That's some seriously flawed logic, and a much bigger issue, if you are correct. They should have tried an information campaign first. If that didn't work then clearly people voted against it, and they have no business going against that. If they think they know better than the people they undermine democracy.


Germany had a massive ad campaign for months without much success. The issue remains that people are lazy. That’s part of why microsoft bundling IE was banned, because 90%+ of users won’t go out of their way to install something.


I can't find those ads, but most likely the ads were uninformative so people did not find them to be instructive. Suggestion without reference to fact is the norm with those campaigns.


These ads were on every single billboard, bus station, etc in the country https://www.dfb.de/fileadmin/_processed_/202007/csm_224709-D...

And the TV ad was shown as preroll ad for youtube videos for months, and on TV during every ad break on every channel: https://www.youtube.com/watch?v=Z4fCbuZqo6M

Just the ad budget for this app dwarfed the budgets of some hollywood blockbusters, and yet it still didn’t reach more than 10% of the population


Me installing a custom rom without google play, and with aurora app store is the logical conclusion.



